If the issue is about how to solve the question, please use our Discord server.
A memory image was taken from a seized Windows machine. Analyze the image and answer the provided questions.
What time was the RAM image acquired according to the suspect system? (YYYY-MM-DD HH:MM:SS)
What is the SHA256 hash value of the RAM image?
What is the process ID of "brave.exe"?
How many established network connections were there at the time of acquisition? (number)
What FQDN does Chrome have an established network connection with?
What is the MD5 hash value of process memory for PID 6988?
What is the word starting at offset 0x45BE876 with a length of 6 bytes?
What is the creation date and time of the parent process of "powershell.exe"? (YYYY-MM-DD HH:MM:SS)
What is the full path and name of the last file opened in notepad?
How long did the suspect use Brave browser? (hh:mm:ss)