TryHackMe. Digital Forensics & Incident Response. Volatility. Tasks 4 & 5
Task 4 uses publicly available online services to which file hashes, or the files themselves, can be submitted to check whether they are known malware.
With the DLL files dumped into the tmp folder in Task 3, we can obtain their MD5 hashes with the 'md5sum' command.
Each hash can then be entered into the 'Search' field on VirusTotal, which looks the hash up against samples it has already analysed without requiring the file to be uploaded.
Once this has been done, this instruction can be marked as complete.
The next instruction is to do the same with Hybrid Analysis, which will also send the hash or file on to VirusTotal for analysis.
Once done, this instruction can be marked as complete.
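To make the hashing step repeatable across all the dumped DLLs, here is an added shell example (not part of the TryHackMe room or of Volatility). It assumes the dumped modules sit in a directory such as tmp and end in .dll; it records both MD5 and SHA-256 for each file, because VirusTotal and Hybrid Analysis accept either, and it builds the VirusTotal report URL from the SHA-256 so a sample can be checked by hash before anything is uploaded to a third party.

```shell
#!/bin/sh
# Added example: build a hash manifest for Volatility DLL dumps so the
# hashes can be searched on VirusTotal / Hybrid Analysis.
# Assumptions: dumps are in a directory passed as $1 and are named *.dll.

# file_md5 FILE / file_sha256 FILE: print just the hex digest.
file_md5()    { md5sum "$1"    | cut -d' ' -f1; }
file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# vt_url SHA256: VirusTotal report page for a file hash. Searching by
# hash shows whether the sample is already known without uploading it.
vt_url() { printf 'https://www.virustotal.com/gui/file/%s\n' "$1"; }

# hash_dir DIR: one line per DLL, "md5  sha256  filename".
hash_dir() {
    dir="$1"
    for f in "$dir"/*.dll; do
        [ -e "$f" ] || continue          # no matches: glob stays literal
        printf '%s  %s  %s\n' "$(file_md5 "$f")" "$(file_sha256 "$f")" "$(basename "$f")"
    done
}

# Usage (directory name is an assumption):
#   hash_dir tmp | tee tmp/hashes.txt
#   hash_dir tmp | while read -r _ sha _; do vt_url "$sha"; done
```

Search by hash first; only upload the dumped DLL itself if no service recognises the hash, since uploading shares the sample with the service and, as the task notes for Hybrid Analysis, with VirusTotal too.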
The next question asks for the name of the malware, based on the results returned by the two previous lookups.
Cridex, the family name those results report, matches the length of the answer placeholder and is accepted as the correct answer.
Task 5 simply provides a set of links to useful DFIR resources and can be marked as complete without any answers being required.
This marks the end of the tasks for Volatility.