Advanced Live Forensics & RAM Analysis Training


jamie
Site Admin
 

Advanced Live Forensics & RAM Analysis Training

Post Posted: Oct 28, 09 16:57

Please use this thread for discussion of the "Advanced Live Forensics & RAM Analysis Training" review.
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus 
 
  

jim.borwick
Newbie
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 03, 09 15:59

In response to jamie's post I agree with all his comments and would thoroughly recommend the course.

I attended the first course and have also had the pleasure of doing one of Nick's other courses, the Wireless Attack course. This too was run in a similar manner; Nick's enthusiasm and knowledge is second to none and made both courses very enjoyable. I learnt a great deal.

Jim  
 
  

ronanmagee
Senior Member
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 03, 09 21:37

- jim.borwick
In response to jamie's post I agree with all his comments and would thoroughly recommend the course. Jim

Howdy Jim,

Just so as no one gets confused it was Jonathan who wrote the original article reviewing the course.  
 
  

erowe
Senior Member
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 04, 09 01:06

Are the Gmail and Yahoo mail extractors mentioned in the review Volatility plugins?

And if so, is there somewhere I can download them from?

I did google around and found pdymail and pdgmail, but when I run them using python2.5 or python 3.0 I get the following errors:

---------------------------------------------------------------
C:\playground>C:\Python25\python.exe pdymail -f memorystrings.txt
Traceback (most recent call last):
File "pdymail", line 40, in <module>
import xml.dom.ext
ImportError: No module named ext

C:\playground>C:\Python30\python.exe pdymail -f memorystrings.txt
File "pdymail", line 83
print helpstr
^
SyntaxError: invalid syntax

---------------------------------------------------------------

I was kind of hoping there would be a Volatility plugin version...  
 
  

Jonathan
Senior Member
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 04, 09 03:58

No, the two you mention are not Volatility plug-ins, but Python scripts. I've not run them since the class, and am not sure why yours aren't working, but I used them (successfully) against a strings output using

pdgmail -fc memorystrings.txt
_________________
Forensic Control
twitter.com/ForensicControl
St Bride Foundation, 14 Bride Lane, London, EC4Y 8EQ 
 
  

erowe
Senior Member
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 04, 09 23:00

Maybe it has something to do with my memory dump. I didn't extract a specific process' memory, I just ran it against the strings output of the entire dump (2GB, XP SP3).

I'll give it another shot with a specific PID's memory.

Thanks  
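An added note and example on the extractor errors and the strings-output approach discussed above (this is my own addition, not part of any post in the thread and not the pdgmail/pdymail code): `xml.dom.ext` comes from the third-party PyXML package rather than Python's standard library, so the first traceback means PyXML is not installed next to Python 2.5, and `print helpstr` is Python 2 syntax that Python 3.0 will not parse, which is the second error. The script below is a Python 3 sketch of the same idea, carving email-address artifacts out of a memory image. Unlike the thread's scripts it reads the raw image rather than a `strings` text file, and it extracts UTF-16LE runs as well as ASCII, because much of what Windows keeps in memory is UTF-16LE and GNU `strings` only reports those with `-e l`. The sample buffer is constructed for the example; `SAMPLE_MEMORY`, `iter_strings`, `extract_emails`, `scan_image` and `format_report` are names I chose, and the address pattern is a deliberately loose one.

```python
import mmap
import os
import re
import sys
from collections import Counter

# Constructed sample standing in for a slice of a memory image (not a real dump):
# an HTTP request, a UTF-16LE address, two ASCII mail headers, binary noise and a
# printable run too short to count as a string.
SAMPLE_MEMORY = (
    b"\x00\x01\x02GET /mail/?ui=2 HTTP/1.1\x00\xff\xfe"
    + "alice.example@gmail.com".encode("utf-16-le")
    + b"\x00\x00\x90\x90"
    + b"From: Bob <bob@example.org>\r\nTo: alice.example@gmail.com\r\n\x00"
    + b"\x7f\x13no\x01"
    + "Subject: quarterly report".encode("utf-16-le")
    + b"\x00\x00"
)

# Loose address pattern: good enough for carving, so expect some false positives
# from things like "user@host"-shaped junk in binaries that need eyeballing.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def iter_strings(buf, min_len=4):
    """Return [(byte offset, encoding, text)] for printable runs of at least
    min_len characters, sorted by offset. Covers what `strings -a` (ASCII) and
    `strings -a -e l` (UTF-16LE) would print. buf may be bytes or an mmap, so the
    regexes run over a file without copying it into memory.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(buf)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(buf)]
    found.sort(key=lambda item: item[0])
    return found


def extract_emails(buf, min_len=4):
    """Return (Counter of lowercased addresses, {address: [(offset, encoding)]}).
    The offset is where the address itself starts in the image (string offset
    plus character index scaled by the encoding's byte width), so a hit can be
    revisited in a hex editor.
    """
    hits, where = Counter(), {}
    for off, enc, text in iter_strings(buf, min_len):
        width = 1 if enc == "ascii" else 2
        for m in EMAIL_RE.finditer(text):
            addr = m.group().lower()
            hits[addr] += 1
            where.setdefault(addr, []).append((off + m.start() * width, enc))
    return hits, where


def scan_image(path, min_len=4):
    """Scan a raw memory image via mmap; a multi-GB image needs a 64-bit interpreter."""
    with open(path, "rb") as f:
        if os.fstat(f.fileno()).st_size == 0:
            return Counter(), {}
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return extract_emails(mm, min_len)


def format_report(hits, where, top=20):
    """Render the most frequent addresses with hit counts and their first offsets."""
    lines = []
    for addr, count in hits.most_common(top):
        spots = ", ".join("0x%x(%s)" % (o, e) for o, e in where[addr][:3])
        lines.append("%5d  %-40s %s" % (count, addr, spots))
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits, where = scan_image(sys.argv[1])
    else:
        hits, where = extract_emails(SAMPLE_MEMORY)
    print(format_report(hits, where))
```

Run it as `python3 script.py image.raw` to list addresses with hit counts and offsets, or with no argument to scan the built-in sample. It only sees raw bytes, so like a whole-image `strings` run it will pick up everything from every process and from paged-out remnants; narrowing to one process's memory, as suggested above, needs a tool that understands the OS page tables, which this script does not attempt.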
 
  

pengzy
Newbie
 

Re: Advanced Live Forensics & RAM Analysis Training

Post Posted: Nov 05, 09 17:24

Hi, can I check whether the Internet Evidence Finder from JAD managed to extract the GMail artifacts from the memory acquired as well? Thanks.  
 
