Please use this thread for discussion of the "Advanced Live Forensics & RAM Analysis Training" review.
In response to jamie's post I agree with all his comments and would thoroughly recommend the course.
I attended the first course and have also had the pleasure of doing one of Nick's other courses, the Wireless Attack course. This too was run in a similar manner. Nick's enthusiasm and knowledge are second to none and made both courses very enjoyable. I learnt a great deal.
Jim
Howdy Jim,
Just so as no one gets confused it was Jonathan who wrote the original article reviewing the course.
Are the Gmail and Yahoo mail extractors mentioned in the review Volatility plugins?
And if so, is there somewhere I can download them from?
I did google around and find pdymail and pdgmail, but when I run them using python2.5 or python 3.0 I get the following errors:
—————————————————————
C:\playground>C:\Python25\python.exe pdymail -f memorystrings.txt
Traceback (most recent call last):
  File "pdymail", line 40, in <module>
    import xml.dom.ext
ImportError: No module named ext

C:\playground>C:\Python30\python.exe pdymail -f memorystrings.txt
  File "pdymail", line 83
    print helpstr
                ^
SyntaxError: invalid syntax
—————————————————————
I was kind of hoping there would be a Volatility plugin version…
No, the two you mention are not Volatility plug-ins, but Python scripts. I've not run them since the class, and am not sure why yours aren't working, but I used them (successfully) against a strings output using:
pdgmail -fc memorystrings.txt
Maybe it has something to do with my memory dump. I didn't extract a specific process' memory, I just ran it against the strings output of the entire dump (2GB, XP SP3).
I'll give it another shot with a specific PID's memory.
Thanks
Hi, can I check whether the Internet Evidence Finder from JAD managed to extract the GMail artifacts from the memory acquired as well? Thanks.