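TryHackMe room: Volatility forensics. Challenge 1. Known information: the infection came from an Adobe document, and there is also an IP address. The first and second questions ask for host information; following the earlier tutorial, the windows.info plugin is all we need: ./vol.py -f ../dump/dump1.vmem windows.info Here -f specifies the memory image file. Third question: What process can be considered suspicious in Case 2023-09-11 tryhackme #volatility #tryhackme #forensics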
Hello World Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub. Quick 2022-12-09