How much RAM is included in the analysis?

Analyze the provided memory file (Kobayashi Maru.vmem) for malicious activity. You can do this several ways. You could log in to one of the Win-Hunt VMs available to you through Sim Space to access Volatility. Volatility is also on the Kali-Hunt VMs. If you have trouble using Volatility, consider consulting the SANS Memory Forensics Cheat Sheet. You may also use other memory forensics tools to analyze the file. At a minimum, answer the following questions and provide proof and/or reasoning for each answer. There is much more to find than what is listed here:

1. What operating system is the computer using? What version?

2. How much RAM is included in the analysis?

3. View the running processes. Does this look like your average box?

a. What processes look abnormal? What makes them abnormal?

4. Can you find user account names? Passwords?

5. View the Dynamically Linked Libraries. Does this look like your average box?

a. What DLLs look abnormal?

6. Can you associate any Processes (PIDs), DLLs, and executables?

7. View the files associated with the processes.

a. Do any files or file paths look abnormal?

Describe the steps you took in analyzing the memory file and provide sound conclusions based on the presented evidence (clear screenshots). 5-6 pages, single-spaced (font size 12).
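
For question 3, one way to turn "what makes them abnormal?" into repeatable checks over a process listing (an added example, not part of the original assignment). The rows are constructed sample data reduced to name, PID and parent PID; the `KNOWN` name list and the 0.85 similarity threshold are illustrative assumptions.

```python
from difflib import SequenceMatcher

# Expected parents of core Windows processes. Both the XP-era parent
# (winlogon.exe) and the Vista-and-later parent (wininit.exe) are accepted,
# because the OS version of the image is itself question 1.
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "services.exe": {"winlogon.exe", "wininit.exe"},
    "lsass.exe": {"winlogon.exe", "wininit.exe"},
}
SINGLETONS = {"lsass.exe", "services.exe"}  # one instance on a normal box
# Illustrative list of names to compare look-alikes against (an assumption).
KNOWN = {"system", "smss.exe", "csrss.exe", "winlogon.exe", "wininit.exe",
         "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}

# Constructed sample rows (name, pid, ppid); not taken from the .vmem file.
SAMPLE = [
    ("System", 4, 0), ("smss.exe", 368, 4), ("winlogon.exe", 632, 368),
    ("services.exe", 676, 632), ("lsass.exe", 688, 632),
    ("svchost.exe", 856, 676), ("explorer.exe", 1724, 1708),
    ("notepad.exe", 1800, 1724), ("svchost.exe", 1940, 1724),
    ("lsass.exe", 2012, 676), ("scvhost.exe", 2100, 1724),
]

def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()

def triage(rows, threshold=0.85):
    """Return (pid, name, reason) for every row that breaks a baseline rule."""
    by_pid = {pid: name.lower() for name, pid, _ in rows}
    counts = {}
    for name, _, _ in rows:
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    findings = []
    for name, pid, ppid in rows:
        n = name.lower()
        parent = by_pid.get(ppid)  # None: parent exited or is not listed
        if n in EXPECTED_PARENT and parent not in EXPECTED_PARENT[n]:
            findings.append((pid, name, f"unexpected parent: {parent or 'not in listing'}"))
        if n in SINGLETONS and counts[n] > 1:
            findings.append((pid, name, f"{counts[n]} instances, expected 1"))
        if n not in KNOWN:
            best = max(KNOWN, key=lambda k: similarity(n, k))
            if similarity(n, best) >= threshold:
                findings.append((pid, name, f"name resembles {best}"))
    return findings

if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE):
        print(f"{pid:>5}  {name:<14} {reason}")
```

Each finding is a lead to verify against the DLL and file-handle views from questions 5 to 7, not a conclusion on its own.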