Bluescreen.rar Info

Running strings MEMORY.DMP | grep "CTF{" to find a plaintext flag.

Checking hivelist in Volatility to see if a flag was stored in a run key or environment variable. 5. Conclusion bluescreen.rar

Common content found: A memory dump file (e.g., MEMORY.DMP or dump.raw ) or a set of system logs. Running strings MEMORY