FarrosFR has written an article on TryHackMe's Memory Analysis Introduction, covering the role of memory analysis in cyber security investigations, including why the loss of RAM contents when a system is powered off makes prompt memory capture a crucial part of preserving evidence of an attack for analysis.
This walkthrough teaches the user about memory dumps, attack fingerprints and how to recognise memory structures, with the following objectives:
Understanding memory analysis in cyber security investigations and the memory structures and behaviours it focuses on
Being able to recognise attack traces in memory through interactive sections and memory dumps
Gaining a comprehensive understanding of memory analysis as a whole, from volatile memory through to filesystem analysis, network artefacts and the attacks that utilise them.
This introduction is meant to be used as an entry point for those new to memory analysis and for those wanting to become threat analysts.