Digital Forensics
Due Monday, March 4th.

Assignment 1: Process Memory Analysis, Windows

Your assignment is to analyze the following four files, collected with Task Manager's built-in process dumper from a Windows 7 client machine:

The table below has four fields: the first is the dump file, which you can download; the second is the process image name reported by Task Manager; the third is the md5sum of the dump file; the fourth is the sha1sum of the dump file. (The last two are given so that you can verify that you downloaded the files intact, in binary form.)

File as collected by Task Manager   Process image name   md5sum                             sha1sum
chrome.DMP                          chrome               ddc7277eca4c7de76421f5b2bfbb347e   f5a2e970dbb37c296a2c35c16c0130a54692a312
iexplore.DMP                        iexplore             9712ffab7f117dc0171b64f504f82ae2   047da05aa801926067ddb29e5c02ecd17c9bcf11
ollydbg.DMP                         ollydbg              8361f2495cb244b91e2333a49b0ee538   c60dddb3f7dae50ccdda3a52bd9f9d0f7e59a607
PEview.DMP                          PEview               3fc00a227add71ecb2cc3ac69801f5f9   7a06d081e149b1deba6958b9f129a37804e08bb3
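Verifying the digests before any analysis is the first step of handling evidence: a dump that was saved through a text-mode transfer, or an HTML error page saved under a .DMP name, will hash differently and every later finding would rest on corrupted input. The script below is an added example (editor's code, not part of the assignment) that streams each file through MD5 and SHA-1 and compares the result with the table above. The expected digests are copied from the table; the `demo()` function builds small constructed sample files so the logic can be exercised without the real dumps.

```python
import hashlib
import os
import sys
import tempfile

# Expected (md5, sha1) digests, copied from the assignment table above.
EXPECTED = {
    "chrome.DMP":   ("ddc7277eca4c7de76421f5b2bfbb347e", "f5a2e970dbb37c296a2c35c16c0130a54692a312"),
    "iexplore.DMP": ("9712ffab7f117dc0171b64f504f82ae2", "047da05aa801926067ddb29e5c02ecd17c9bcf11"),
    "ollydbg.DMP":  ("8361f2495cb244b91e2333a49b0ee538", "c60dddb3f7dae50ccdda3a52bd9f9d0f7e59a607"),
    "PEview.DMP":   ("3fc00a227add71ecb2cc3ac69801f5f9", "7a06d081e149b1deba6958b9f129a37804e08bb3"),
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests of a file.

    The file is read in chunks so that a multi-hundred-megabyte process dump
    never has to be loaded into memory at once.
    """
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:          # binary mode: no newline translation
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def verify_dumps(directory, expected=EXPECTED):
    """Check every expected dump in `directory`.

    Returns {file name: "ok" | "mismatch" | "missing"}.  Both digests must
    match; a file that matches only one is still reported as a mismatch.
    """
    results = {}
    for name, (md5_exp, sha1_exp) in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        md5_got, sha1_got = file_digests(path)
        ok = (md5_got == md5_exp.lower()) and (sha1_got == sha1_exp.lower())
        results[name] = "ok" if ok else "mismatch"
    return results


def demo():
    """Run the check on constructed sample files (NOT the real dumps).

    The expected digests used here are the well-known MD5/SHA-1 of b"abc";
    "bad.DMP" simulates a download that went through newline translation.
    """
    sample_expected = {
        "good.DMP":   ("900150983cd24fb0d6963f7d28e17f72", "a9993e364706816aba3e25717850c26c9cd0d89d"),
        "bad.DMP":    ("900150983cd24fb0d6963f7d28e17f72", "a9993e364706816aba3e25717850c26c9cd0d89d"),
        "absent.DMP": ("900150983cd24fb0d6963f7d28e17f72", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    }
    tmp_dir = tempfile.mkdtemp()
    with open(os.path.join(tmp_dir, "good.DMP"), "wb") as fh:
        fh.write(b"abc")
    with open(os.path.join(tmp_dir, "bad.DMP"), "wb") as fh:
        fh.write(b"abc\r\n")                # altered bytes -> digest mismatch
    return verify_dumps(tmp_dir, sample_expected)


if __name__ == "__main__":
    # Usage: python verify_dumps.py <directory containing the .DMP files>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in sorted(verify_dumps(target).items()):
        print(f"{name:14s} {status}")
```

Run it from the directory where the four dumps were saved; anything other than "ok" on every line means the file should be downloaded again before any extraction is attempted, and the "ok" lines are worth quoting in the write-up as proof that the evidence analyzed is the evidence that was handed out.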

I will leave it up to you to decide what tools you wish to use to extract information from these memory dumps, but I will note that there is relevant discussion of working with process dumps in Malware Forensics.

I am looking for (1) an analysis of what kind of information you hope to find, based on intelligent guesses developed from the process names; (2) how much useful raw data you are able to extract; and (3) how well you can then analyze the raw data to come up with descriptions of what the processes are and what they have been doing.
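Whatever tool you settle on, the raw data that answers points (2) and (3) for a browser or a debugger process is largely text held in memory: URLs, file paths, loaded module names, registry keys, window titles. A plain `strings` pass over a Windows process dump misses most of it, because Windows stores user-facing text as UTF-16LE (each ASCII character followed by a NUL byte). The script below is an added example (editor's code, not part of the assignment and not a replacement for a full memory-analysis tool) that pulls out both encodings, records the byte offset of each hit so it can be cited as an extract, and sorts the hits into rough categories. The `SAMPLE` buffer is constructed for illustration and is not taken from any of the four dumps; the category patterns are the editor's choices.

```python
import re
import sys
from typing import Dict, List, Tuple

MIN_LEN = 6  # shorter runs are overwhelmingly noise in a process dump

# Rough categorisation of extracted strings; chosen for this example, extend as needed.
CATEGORIES = [
    ("url",      re.compile(r"^(?:https?|ftp)://", re.I)),
    ("path",     re.compile(r"^[A-Za-z]:\\")),
    ("registry", re.compile(r"^HK(?:LM|CU|CR|U|CC|EY_)", re.I)),
    ("module",   re.compile(r"\.(?:dll|exe|sys)$", re.I)),
]


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least min_len chars.

    ASCII runs are matched directly.  UTF-16LE runs are matched as printable
    ASCII code units each followed by a NUL byte, which is how Windows holds
    most paths, URLs and window titles in memory.
    """
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    found.sort()  # by offset, so extracts are listed in dump order
    return found


def classify(text: str) -> str:
    """Map one extracted string to a category label, or 'other'."""
    for label, pattern in CATEGORIES:
        if pattern.search(text):
            return label
    return "other"


def triage(data: bytes, min_len: int = MIN_LEN) -> Dict[str, List[Tuple[int, str, str]]]:
    """Group extracted strings by category, keeping offsets for citation in a write-up."""
    grouped: Dict[str, List[Tuple[int, str, str]]] = {}
    for offset, encoding, text in extract_strings(data, min_len):
        grouped.setdefault(classify(text), []).append((offset, encoding, text))
    return grouped


# Constructed sample buffer standing in for a slice of a process dump (not real dump data).
SAMPLE = (
    b"\x00\x00\x10\x00MZ\x90\x00"                                       # binary noise
    + b"https://example.com/login?user=alice\x00"                       # ASCII URL
    + b"\x00\x00"
    + "C:\\Users\\demo\\AppData\\Local\\Temp\\page.tmp".encode("utf-16-le") + b"\x00\x00"
    + "HKCU\\Software\\Example".encode("utf-16-le") + b"\x00\x00"       # UTF-16LE registry key
    + b"abc\x00"                                                        # too short to report
    + b"kernel32.dll\x00"                                               # ASCII module name
)


if __name__ == "__main__":
    # Usage: python dump_strings.py <file.DMP>   (defaults to the constructed SAMPLE)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for label, hits in sorted(triage(blob).items()):
        print(f"== {label} ({len(hits)} hits)")
        for offset, encoding, text in hits[:20]:   # show the first 20 per category
            print(f"  0x{offset:08x} [{encoding:8s}] {text}")
```

Run against a real dump, the "url" and "path" buckets are the quickest route to "what has this process been doing", and the "module" bucket to "what is this process"; the offsets let you reproduce any extract you quote in the write-up with a hex viewer. Note that this treats the dump as a flat byte stream: it does not parse the minidump structure, so a string that straddles two memory regions written out of order will be split.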

I expect only one work product, a printed write-up. Please bring the write-up to class on Monday, March 4th.

This is not a collaborative assignment. Please do not discuss your work on this assignment with your classmates.

Deliverables: For the write-up, create a short narrative of your experiences and include extracts showing relevant raw data. Describe what programs you used for analysis, and what operating systems you used to run these programs. Finally, I want descriptions of your guesses as to (1) what the processes are and (2) what they have been doing.

Print out the write-up of your experiences, and give that to me at the beginning of class on March 4th.