What time was the RAM image acquired according to the suspect system? (YYYY-MM-DD HH:MM:SS)
What is the SHA256 hash value of the RAM image?
What is the process ID of "brave.exe"?
How many established network connections were there at the time of acquisition? (number)
What FQDN does Chrome have an established network connection with?
What is the MD5 hash value of the process executable for PID 6988?
What is the word starting at offset 0x45BE876 with a length of 6 bytes?
What is the creation date and time of the parent process of "powershell.exe"? (YYYY-MM-DD HH:MM:SS)
What is the full path and name of the last file opened in Notepad?
How long did the suspect use the Brave browser? (hh:mm:ss)
Instructions:
A memory image was taken from a seized Windows machine. As a security blue team analyst, analyze the image and answer the provided questions.