Virtual Labs

Tools

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Retrieving Password Hashes and Dumping Cached Files from Memory Dumps

Choose difficulty:

Beginner

Intermediate

Advanced

What are Symbol tables?

a: A table with mapping of addresses and human readable names Explanation

Explanation

b: A table with mapping of a JPG image file location address in the disk to memory address Explanation

Explanation

c: A table with mapping of MAC and its corresponding IP address Explanation

Explanation

Is it possible to extract every file present on a file system from a memory dump?

a: yes Explanation

Explanation

b: no Explanation

Explanation

What type of files are typically recovered during memory forensics?

a: All deleted files from the hard disk Explanation

Explanation

b: Files that were actively loaded into memory Explanation

Explanation

c: Only system files Explanation

Explanation

d: Only executable files Explanation

Explanation

Which tool is commonly used to analyze memory dumps?

a: Wireshark Explanation

Explanation

b: Volatility Explanation

Explanation

c: Nmap Explanation

Explanation

d: Netcat Explanation

Explanation

Why might cached files appear in memory dumps?

a: Because they are permanently stored in RAM Explanation

Explanation

b: Because they were recently accessed and kept in memory for performance Explanation

Explanation

c: Because the operating system saves them in memory forever Explanation

Explanation

d: Because the user copied them manually into RAM Explanation

Explanation

Community Links Sakshat Portal Outreach Portal FAQ: Virtual Labs

AGPL 3.0 & Creative Commons (CC BY-NC-SA 4.0)