grrcon GrrCon 2017 DFIR write up - Level 1: #GrrCon 2017 #DFIR #CTF challenge. Several host images and memory dumps need to be analysed and investigated. Submit IOCs as you progress...
blueteam Blue Team Basics - PCAP File Extraction: a few methods for carving data out of PCAPs, whether for a one-off analysis of some network traffic or as part of a malware analysis lab. Using Wireshark: ideal for investigating
ctf GrrCon 2016 DFIR Write up - Part 3, Level 3: Question 16) What is the maldoc md5hash? Start by using FILESCAN and searching for documents (.rtf, .doc, .docx, etc.)... [email protected]:~# python volatility/vol.py -f /mnt/hgfs/Shared/Part3/ecorpwin7-e73257c4.
forensics GrrCon 2016 DFIR Write up - Part 1: CTF HOMEPAGE https://ir.e-corp.biz/home To start off, get Volatility or a prebuilt VM like the SANS SIFT Workstation; they've recommended using the provided Security Onion image. Also, check out the community