All,
I've been messing around with this fun challenge as of late -
http://www.binary-zone.com/2015/09/16/digital-forensic-challenge-4/ and
have been struggling with question #5 (using memory forensics, can you
identify the shellcode used?).
My initial approach was starting with malfind and dumping malfind artifacts
and reviewing. I also threw some shellcode-based YARA sigs together, but
didn't have much luck there either.
Anyways, any help or direction pointing is appreciated :)
Best,
-Jared