Bluescreen.rar

Providing the MD5 hash or the platform name would help in giving you the exact steps for that specific challenge.

python vol.py -f dump.raw --profile=Win7SP1x64 pslist (Looking for suspicious or hidden processes).

If the archive contains a .dmp file, the goal is usually to find out what caused the crash or extract data from memory.

The investigation reveals that the system crashed due to [Specific Driver/Malware], and the flag was recovered from [Specific Memory Location].

unrar, file, strings, Volatility (if a memory dump is inside), BlueScreenView, or WinDbg.

2. Initial Analysis
