Phishing Incident Detection and Response:
Identifying Email and Document Existence using Memory Forensics

Lab Goal

    • Identify Email Subject
    • Identify Document Name
    • Identify Timestamps
    • Identify Sender Name
    • Identify Launched Programs
    • List Available Detection Method

Because employees are the most vulnerable targets for an organization, giving attackers the ability to compromise their targets by preying on human weakness like emotions. For this reason, adversaries plan their assaults intelligently by using phishing attacks.

In this demo, we will tackle about different approach on how to detect and respond to a phishing incident using a memory forensics tool.

Scenario: What if due to fear of getting sanctioned by the organization, an employee trashed a possible phishing email after he/she clicked and downloaded the potential suspicious attachment.

Now, as the analyst we are tasked to perform Incident Response and Digital Forensics on the machine and find some useful evidence of email existence.