
Advanced Live Forensics & RAM Analysis Training

Jamie
(@jamie)
Posts: 1288
Moderator
 

Please use this thread for discussion of the "Advanced Live Forensics & RAM Analysis Training" review.

 
Posted : 28/10/2009 4:57 pm
jim.borwick
(@jim-borwick)
Posts: 9
Active Member
 

In response to jamie's post I agree with all his comments and would thoroughly recommend the course.

I attended the first course and have also had the pleasure of doing one of Nick's other courses, the Wireless Attack course. This too was run in a similar manner; Nick's enthusiasm and knowledge are second to none and made both courses very enjoyable. I learnt a great deal.

Jim

 
Posted : 03/11/2009 3:59 pm
(@ronanmagee)
Posts: 145
Estimable Member
 

In response to jamie's post I agree with all his comments and would thoroughly recommend the course. Jim

Howdy Jim,

Just so as no one gets confused it was Jonathan who wrote the original article reviewing the course.

 
Posted : 03/11/2009 9:37 pm
erowe
(@erowe)
Posts: 144
Estimable Member
 

Are the Gmail and Yahoo mail extractors mentioned in the review Volatility plugins?

And if so, is there somewhere I can download them from?

I did google around and find pdymail and pdgmail, but when I run them using python2.5 or python 3.0 I get the following errors

—————————————————————
C:\playground>C:\Python25\python.exe pdymail -f memorystrings.txt
Traceback (most recent call last):
  File "pdymail", line 40, in <module>
    import xml.dom.ext
ImportError: No module named ext

C:\playground>C:\Python30\python.exe pdymail -f memorystrings.txt
  File "pdymail", line 83
    print helpstr
                ^
SyntaxError: invalid syntax

—————————————————————

I was kind of hoping there would be a Volatility plugin version…

 
Posted : 04/11/2009 1:06 am
(@jonathan)
Posts: 878
Prominent Member
 

No, the two you mention are not Volatility plug-ins, but Python scripts. I've not run them since the class, and am not sure why yours aren't working, but I used them (successfully) against a strings output using

pdgmail -fc memorystrings.txt

 
Posted : 04/11/2009 3:58 am
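As an added illustration (this is not code from the course, nor from pdgmail or pdymail), the script below does the same class of work the two posts above describe: it scans `strings` output from a memory image for webmail artifacts. It is written for Python 3, so it uses the print function rather than the Python 2 `print helpstr` statement that produced the SyntaxError, and it uses the standard library's `xml.dom.minidom` instead of `xml.dom.ext`, which belongs to the third-party PyXML package and is what the first traceback could not find. The `["ms", ...]` message fragment shape, the Yahoo `/ym/` URL marker and the embedded sample strings output are all constructed for this example and do not claim to reproduce either service's real formats.

```python
import re
import sys
from collections import Counter
import xml.dom.minidom as minidom

# Constructed sample of what `strings` might print for a memory image that held a
# browser session. These lines are made up for this example; they are not from a
# real capture and the ["ms", ...] layout is an assumed, simplified shape.
SAMPLE_STRINGS = """\
PK
alice.example@gmail.com
https://mail.google.com/mail/?ui=2&ik=abc123
["ms","12d4e6f8a9b0c1d2","Alice Example","Re: Friday plans","Let us meet at nine",]
GET /ym/ShowFolder?rb=Inbox HTTP/1.1
bob@yahoo.com
["ms","12d4e6f8a9b0c1d3","Bob Builder","Invoice attached","Please see the attached",]
alice.example@gmail.com
random garbage line
"""

# Generic e-mail address pattern; it is service-agnostic, so it also catches
# addresses that appear in Yahoo or other webmail pages.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Assumed Gmail-style message fragment: ["ms", id, sender, subject, snippet, ...]
GMAIL_MSG_RE = re.compile(r'\["ms","([0-9a-f]+)","([^"]*)","([^"]*)","([^"]*)"')

# Assumed Yahoo Mail marker: request paths under /ym/ (constructed for the sample).
YAHOO_URL_RE = re.compile(r"/ym/\S+")


def extract_addresses(lines):
    """Count every e-mail address seen, so repeats (common in RAM) are visible."""
    counts = Counter()
    for line in lines:
        for addr in ADDRESS_RE.findall(line):
            counts[addr] += 1
    return counts


def extract_gmail_fragments(lines):
    """Return a dict per assumed ["ms", ...] fragment, in the order found."""
    found = []
    for line in lines:
        for msg_id, sender, subject, snippet in GMAIL_MSG_RE.findall(line):
            found.append({"id": msg_id, "from": sender,
                          "subject": subject, "snippet": snippet})
    return found


def extract_yahoo_urls(lines):
    """Return the distinct assumed Yahoo Mail request paths, in the order found."""
    seen = []
    for line in lines:
        for url in YAHOO_URL_RE.findall(line):
            if url not in seen:
                seen.append(url)
    return seen


def to_xml(addresses, messages, yahoo_urls):
    """Pretty-printed XML via the stdlib, replacing PyXML's xml.dom.ext.PrettyPrint."""
    doc = minidom.Document()
    root = doc.createElement("webmail")
    doc.appendChild(root)
    for addr, n in sorted(addresses.items()):
        el = doc.createElement("address")
        el.setAttribute("count", str(n))
        el.appendChild(doc.createTextNode(addr))
        root.appendChild(el)
    for m in messages:
        el = doc.createElement("message")
        for key, value in m.items():
            el.setAttribute(key, value)
        root.appendChild(el)
    for url in yahoo_urls:
        el = doc.createElement("yahoo-url")
        el.appendChild(doc.createTextNode(url))
        root.appendChild(el)
    return doc.toprettyxml(indent="  ")


def main(argv):
    # Read the strings file line by line so a multi-gigabyte dump is not loaded whole.
    if len(argv) > 1:
        with open(argv[1], "r", errors="replace") as fh:
            lines = list(fh)
    else:
        lines = SAMPLE_STRINGS.splitlines()
    print(to_xml(extract_addresses(lines),
                 extract_gmail_fragments(lines),
                 extract_yahoo_urls(lines)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to process the embedded sample, or pass the path of a `strings` output file, as the posts do with memorystrings.txt. The same two errors in the earlier post are what any Python 2 script of that era produces: under Python 3 the bare print statement is a syntax error before a single line executes, and under Python 2 the `xml.dom.ext` import fails unless PyXML is installed, which is a separate download and not part of the interpreter.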
erowe
(@erowe)
Posts: 144
Estimable Member
 

Maybe it has something to do with my memory dump. I didn't extract a specific process' memory, I just ran it against the strings output of the entire dump (2GB, XP SP3).

I'll give it another shot with a specific PID's memory.

Thanks

 
Posted : 04/11/2009 11:00 pm
(@pengzy)
Posts: 2
New Member
 

Hi, can I check whether the Internet Evidence Finder from JAD managed to extract the GMail artifacts from the memory acquired as well? Thanks.

 
Posted : 05/11/2009 5:24 pm