1. What time was the RAM image acquired according to the suspect system? (YYYY-MM-DD HH:MM:SS)
python3 vol.py -f 20210430-Win10Home-20H2-64bit-memdump.mem windows.info
Ответ: 2021-04-30 17:52:19
2. What is the SHA256 hash value of the RAM image?
sha256sum 20210430-Win10Home-20H2-64bit-memdump.mem
Ответ: 9db01b1e7b19a3b2113bfb65e860fffd7a1630bdf2b18613d206ebf2aa0ea172
3. What is the process ID of “brave.exe”?
python3…
Форум информационной безопасности – Codeby.net
Ваша реакция?
+1
+1
+1
+1
+1
+1
+1