In this video I walk through Lab 4 of MemLabs CTF and explain my methodology for examining a memory capture of a Windows machine. The challenge in this lab was to recover data from a file that had been deleted from disk by examining the Master File Table (MFT).
Link to MemLabs CTF GitHub: https://github.com/stuxnet999/MemLabs
Link to stuxnet999 blog: https://stuxnet999.github.io/
Link to Volatility 2 Install guide: https://covert.sh/2020/08/24/volatility-ubuntu-setup/
MemLabs CTF - "Lab 4" Extracting Deleted Data from Memory | NatokHD