We’re testing our Memory Analysis package (currently in beta) against various challenges available online.
We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to MemLabs for creating it in the first place.
The description is as follows:
“My system was recently compromised. The Hacker stole a lot of information but he also deleted a very important file of mine. I have no idea on how to recover it. The only evidence we have, at this point of time is this memory dump. Please help me.
Note: This challenge is composed of only 1 flag.
The flag format for this lab is: inctf{s0me_l33t_Str1ng}”
Although this challenge is rated as medium difficulty, it took us only a minute to solve, thanks to the file scan action.