
Memory forensics basics in Cybersecurity - Mini Project: Build & Apply

Memory Forensics Basics
📖 Scenario: You are a cybersecurity analyst investigating a suspicious computer. You want to understand the contents of the computer's memory to find clues about any malicious activity.
🎯 Goal: Build a simple step-by-step guide to collect and analyze memory data to identify running processes and suspicious artifacts.
📋 What You'll Learn
Create a list of running processes with exact names and IDs
Set a threshold for suspicious process memory usage
Filter processes exceeding the threshold
Add a summary note about the suspicious processes
💡 Why This Matters
🌍 Real World
Memory forensics helps cybersecurity analysts find hidden malware or unauthorized programs by examining what is running in a computer's memory.
💼 Career
Understanding memory forensics basics is essential for roles like incident responders, malware analysts, and digital forensic investigators.
Step 1: Create a list of running processes
Create a list called processes containing these exact dictionaries representing running processes: {'name': 'explorer.exe', 'pid': 1234, 'memory_mb': 150}, {'name': 'notepad.exe', 'pid': 2345, 'memory_mb': 50}, {'name': 'malware.exe', 'pid': 3456, 'memory_mb': 300}, and {'name': 'svchost.exe', 'pid': 4567, 'memory_mb': 100}.
Hint: Use a list of dictionaries with keys 'name', 'pid', and 'memory_mb'.

Step 2: Set a memory usage threshold
Create a variable called memory_threshold and set it to 100 to represent the memory usage in megabytes above which a process is considered suspicious.
Hint: Just assign the number 100 to the variable memory_threshold.

Step 3: Filter suspicious processes
Create a list called suspicious_processes that contains only the processes from processes whose memory_mb value is greater than memory_threshold. Use a list comprehension with for process in processes and a condition.
Hint: Use a list comprehension with a condition comparing process['memory_mb'] to memory_threshold.

Step 4: Add a summary note
Create a string variable called summary_note that says exactly: 'Found suspicious processes using more than 100 MB memory.'
Hint: Assign the exact string to summary_note.
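
The four steps above combined into one runnable script, as an added example that is not part of the original tutorial. It goes beyond the steps by first parsing a text process listing into the tutorial's dictionaries; SAMPLE_LISTING, parse_listing and triage are hypothetical names, and the listing format is constructed for this example, not the output of any real memory-analysis tool.

```python
# Added example: the listing below is constructed sample data in a made-up format.
SAMPLE_LISTING = """\
# name          pid    memory_kb   (constructed sample data)
explorer.exe    1234   153600
notepad.exe     2345   51200
malware.exe     3456   307200
svchost.exe     4567   102400
truncated.exe   5678
"""

def parse_listing(text):
    """Turn a whitespace-separated listing into the tutorial's process dictionaries."""
    processes, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ignore blank lines and the header comment
        fields = line.split()
        try:
            name, pid, memory_kb = fields[0], int(fields[1]), int(fields[2])
        except (IndexError, ValueError):
            skipped.append(line)  # keep damaged rows for manual review, do not guess
            continue
        # Convert KB to whole MB so the values match the tutorial's 'memory_mb' key.
        processes.append({"name": name, "pid": pid, "memory_mb": memory_kb // 1024})
    return processes, skipped

def triage(processes, memory_threshold=100):
    """Steps 2 to 4: apply the threshold (strictly greater than) and build the note."""
    suspicious = [p for p in processes if p["memory_mb"] > memory_threshold]
    summary_note = f"Found suspicious processes using more than {memory_threshold} MB memory."
    return suspicious, summary_note

if __name__ == "__main__":
    processes, skipped = parse_listing(SAMPLE_LISTING)
    suspicious_processes, summary_note = triage(processes)
    print(summary_note)
    for p in suspicious_processes:
        print(f"  {p['name']} (pid {p['pid']}): {p['memory_mb']} MB")
    print("Rows skipped as malformed:", skipped)
```

With the tutorial's data, the strict comparison leaves out svchost.exe at exactly 100 MB and flags explorer.exe alongside malware.exe, so the threshold works as a triage filter that narrows what to examine next rather than as a verdict.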