Arif, Hamdani; Yusriyah, Isnaeni Hari; Arapenta, Joy Gilbert; Tambunan, Jean Tirstan
2025-01-04
2024-06-12
IEEE
http://103.209.1.147:4000/handle/PL029/3240

This research analyzes memory dumps in Capture The Flag (CTF) cybersecurity competitions using computer forensics techniques. It focuses on uncovering hidden files in memory using the Volatility Framework. The methodology follows the computer forensics investigation model, including acquisition, analysis, and extraction. Various Volatility plugins are used to identify suspicious processes, locate hidden files, and find passwords for encrypted files. The results demonstrate the effectiveness of the Volatility Framework in extracting important information from memory dumps, which is valuable in the context of cybersecurity competitions like CTF.

The field of study that examines how to uncover, collect, analyze, and present digital evidence from electronic devices is called computer forensics. This research focuses on the analysis of memory dumps in the Capture The Flag (CTF) cybersecurity competition with the aim of uncovering hidden files that may be concealed in memory by an attacker. Conducting analysis on memory dumps is an important technique in digital forensics and security incident investigation to uncover suspicious activities and hidden evidence that is not available on storage media. The Volatility Framework is utilized as the main framework for analyzing memory dumps. The analysis process adopts the general stages of the computer forensics investigation model, including acquisition, analysis, and extraction. Various Volatility plugins and modules, such as imageinfo, pslist, cmdline, filescan, grep, and dumpfiles, are optimized to identify suspicious processes, locations of hidden files, and passwords required to open encrypted files.

This research shows that the Volatility Framework is an effective memory forensics tool for extracting important information from memory dumps, including hidden files, which is highly useful in the context of cybersecurity competitions such as Capture The Flag (CTF).

en-US
SOCIAL SCIENCES::Statistics, computer and systems science::Informatics, computer and systems science::Informatics
SOCIAL SCIENCES::Statistics, computer and systems science::Informatics, computer and systems science::Information technology
SOCIAL SCIENCES::Social sciences::Education
Memory Dump Analysis in Capture The Flag: Using Volatility 3 to Extract Hidden Files
Article
NIM4332001032
NIM4332001026
NIM4332001016
NIDN0001129002
KODEPRODI57302#REKAYASA KEAMANAN SIBER