Page 3 of 7

Nuit Du Hack CTF Quals 2014 Forensics-200: Windows Forensics

On a client computer of a merchandise transport company, an employee realized that a command prompt containing commands appeared on the screen. The company contacted NianSec, a computer security company to assess the risk. John, trainee, was tasked to retrieve the memory of the windows system. By mistake, he only extracted the pagefile of the system before turning off the machine. You must retrace the attack and understand what happened on the machine.
Link: http://static.nuitduhack.com/pagefile.sys.7z

Continue reading