Memory Forensics - A CTF Approach

This session gives a brief introduction to volatile memory analysis using the open source tool “volatility”.


Key takeaways:

  • Start playing CTFs which is best way to get into cyber security.
  • Understanding how memory forensics works & fundamentals of memory dump analysis.
  • Learning the fundamentals of using the tool volatility and its various plugins.
  • Interested people can also start contributing to this tool.


This session will start from the very fundamentals:

  • Why, What and How of Memory Forensics.
  • Introduction to Volatility & it’s plugins.
  • Elaborate discussion on various important plugins and the evidence they provide.
  • Live Demo of solving a CTF challenge and an elaborate discussion on collected memory evidence.


The participants need to have the following installed in their computers:

  • Ubuntu 16.04/18.04 LTS with Windows 7 64-bit in Virtualbox.
  • Python 2.x & python 3.x
  • Volatility 2.6 (APT Install). Visit this for more details.
  • Ghex (apt install)
  • DumpIt.exe installed in Windows VM.

Allocate around 1GB of RAM for the virtual machine and please enable Virtualbox Guest Additions so that data transfer between Guest & Host is possible.

Speaker bio


Hi! I am Abhiram Kumar. I am a 3rd year UG student pursuing my B.Tech in CSE at Amrita University, Amritapuri. I am a member of Team bi0s, CTF team from Amrita University. I have been focusing on Volatile Memory Analysis and Cyber Forensics for the last 3 years. I also have experience in conducting a workshop on Cyber Forensics at the VIDYUT Multi-Fest. I am also a member in the Core Organising team of InCTF & InCTF Junior.

I, along with a few members of my team authored the DFRWS IoT Challenge 2018-19 paper and got selected in the Top 5 submissions

MEC.conf Team

Event Coordinators

Akhil Seshan

+91 7558047349

P Gautham Dileep
IETE SF MEC Chairman

+91 9495054762

Kurian Benoy
FOSSMEC Chairman

+91 9400125402

Community Relations

Devdutt Shenoi

+91 8714832195