Pdgmail – Forensic Tool to Analysis Process Memory Dump

Pdgmail Forensic tool to analysis process memory dump for Gmail data. It will discover what it can out of the memory image including contacts, emails, last access times, IP addresses, basic headers etc.

• Author: Jeff Bryner

Also, You can Learn, Computer Forensics & Cyber Crime Investigation : Using Open Source Tools.

Analysis with Pdgmail

In this article, we are to extract the process dump and then to unpack and analyze the dump.

To get the help menu pdgmail -h, here we are using Firefox so we need to find the process ID of it using the command ps -ef | grep fire.

Also Read Tracking Photo’s Geolocation with GPS EXIF DATA – Forensic analysis

Now we have the process ID 1446, then you need to dump the process gcore -o fire.dmp 1446

Now you can see a dump file created fire.dmp.1446. It’s time to analyze the dump file now.To dump run the command strings -el fire.dmp.1446.

Also Read Analyzing embedded files and executable code with Firmware Images – Binwalk

You can also get the number of unread emails in the Inbox.

Also the Body contents and the basic headers.

The contact list can be retrieved.

It will take around 20 minutes to complete the analysis and the output varies depends upon the number of the page that you have browsed with Firefox pdgmail Happy Investigating !!!

you can also learn The Complete Hacking Tools in Kali Linux Operating System

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.