Netgate Discussion Forum

    Pfsense forensics / Memory dump of pfsense

      obirn

      Hello everyone,

      I am doing a forensic exercise where a pfSense is involved.

      I wanted to create a fake package which would be malicious and the player would have to identify that this package is malicious. I managed to modify an existing package.

      I wanted to do a memory dump, to know that the malware is responsible for the malicious traffic, but I did not find a way to create a memory dump from pfsense. I used memdump, but I'm not sure this is the right way.

      How can I create a memory dump of a pfSense? I don't even know if it is then possible to analyse it in Volatility, because of the custom kernel.

      Is it possible to know which process is responsible for which connections? Can you find it in logs?

      Thank you for your help.

      • stephenw10 moved this topic from General pfSense Questions
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.