Th0rtu3n0.rar -
If it’s a .mem or .raw file, use Volatility to check for running processes (pstree), network connections (netscan), or command history (cmdline).
To see what programs the "attacker" ran on the system.
The first step is always to verify the file type and extract the contents. : If it’s a