Digital forensics

Part 1 Misleading file extension
Criminals often simply change the extensions of files to mislead computer forensics investigators. With a wrong file extension it is difficult to know exactly what the original file type was. To find out the true type of a file you can use a hex editor and look at the first bytes (the file signature or "magic number") instead of trusting the name.

1. Download secret.jpg
2. Open it with the built-in Windows Photos app. What do you see?
3. Use Hex Workshop (or another hex editor) and try to find out the original file type.
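The same check a hex editor lets you do by eye can be automated: compare the leading bytes of a file against a table of known signatures and flag files whose extension does not match. The script below is an added example for this part of the lab, not code from the assignment; the signature table holds well-known magic numbers, and the sample files in `SAMPLE_FILES` are constructed in memory (they are not the lab's secret.jpg, whose real type you still have to find yourself).

```python
# Added example: identify a file's true type from its signature (magic bytes)
# instead of trusting the extension. The sample files below are constructed.
import os
from typing import Optional

# Leading bytes -> file type. These are well-known, documented signatures.
SIGNATURES = [
    (b"\xFF\xD8\xFF", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),   # also docx/xlsx/pptx/jar: Office Open XML is a zip container
    (b"MZ", "exe"),           # DOS/PE executable header
    (b"\x7fELF", "elf"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\x1f\x8b", "gz"),
]

# Extensions that legitimately map onto another signature's type.
ALIASES = {
    "jpeg": "jpg", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "jar": "zip", "tgz": "gz", "dll": "exe",
}


def detect_type(data: bytes) -> Optional[str]:
    """Return the file type implied by the leading bytes, or None if unknown."""
    for magic, ftype in SIGNATURES:
        if data.startswith(magic):
            return ftype
    return None


def check_extension(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the signature-derived type.

    'mismatch' is only True when the signature is recognised AND disagrees
    with the extension; an unknown signature is reported, not flagged.
    """
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    actual = detect_type(data)
    claimed = ALIASES.get(ext, ext)
    return {
        "file": filename,
        "claimed": ext,
        "actual": actual,
        "header_hex": data[:8].hex(" ").upper(),   # what you would see in Hex Workshop
        "mismatch": actual is not None and actual != claimed,
    }


# Constructed sample "files": name -> first bytes (not the lab's secret.jpg).
SAMPLE_FILES = {
    "photo.jpg": b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00",        # a real JPEG header
    "holiday.jpg": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",          # PDF renamed to .jpg
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00\x08\x00",     # docx is a zip, fine
    "readme.txt": b"Just some plain text, no signature\n",   # unknown, not flagged
}


def find_mismatches(files: dict) -> list:
    """Return the names of files whose signature contradicts their extension."""
    return [name for name, data in files.items()
            if check_extension(name, data)["mismatch"]]


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        r = check_extension(name, data)
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{name:14} header={r['header_hex']:24} claimed={r['claimed']:5} "
              f"actual={r['actual']}  {flag}")
    print("Suspicious:", find_mismatches(SAMPLE_FILES))
```

To run it on real files, read the first 16 bytes of each file with `open(path, "rb").read(16)` and pass them to `check_extension`; only the leading bytes are needed, so scanning a large folder is cheap. The signature table is deliberately short; extend it with the types that matter for your case.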


Part 2 Use Volatility to analyse memory dump

1. Download Volatility from: Home of The Volatility Foundation | Volatility Memory Forensics
2. Download windows.raw from Canvas
3. Study an example of volatile memory analysis at:
https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1

4. Learn about the memory dump:
- From which OS was this dump made? Make a screenshot to support your answer.
- Which processes were running when the dump was made? Make a screenshot.
- What are the network connections, and which connections are still open?
