Tag Archives: dump

pdgmail: Backtrack: Forensics: RAM Forensics Tools: pdgmail

We received a request for an article for pdgmail which is a Python script that analyzes Windows and Linux browser process dumps where the browser had Gmail open. I was able to test on 32-bit Windows 7, 64-bit Ubuntu 10.04 LTS, and 32-bit Ubuntu 10.04 LTS. Unfortunately the methods I was using did not work properly on the 64-bit Ubuntu however it worked perfectly on both 32-bit operating systems I tested. Below I describe how pdgmail can be used to dump Firefox process memory using Process Dumper on Backtrack Linux which is technically Ubuntu 10.04 LTS.

Create a SVN Repository, Then Import a SVN Repo Into The New SVN Repo

The below describes creating a SVN repository from a CentOS Linux shell followed by importing a SVN repository dump into the newly created repository. This can be useful for many reasons including moving servers or even just moving the location of an SVN repo.

If you don’t have subversion installed go ahead and do so now. The below command can be issued from the shell of a CentOS Linux server using yum to install subversion.

Dump a PostgreSQL Database Without the Data

Dumping a PostgreSQL database without the data is easy. Issue the below command and it will output the database table structure to a text file that can easily be imported. bash pg_dump -U postgres –schema-only DBNAME -f FILENAME.sql The above can be imported into a new database using the below syntax. psql -U postgres DBNAME…

Can I delete MEMORY.DMP and How To Minimize MEMORY.DMP Size

The MEMORY.DMP file is a debug file that is generated by a system crash of some sort on Windows XP. The size of this file by default can be over 2GB and is typically never used by the average user. If you continue to have system crashes and want to really look into the issue than the MEMORY.DMP file could be very useful. By default this file is located in the “C:\WINDOWS” directory but the location of the dump can be modified along with what is actually output in the system dump.

So can the MEMORY.DMP file be deleted? The short answer is yes it can be deleted however every time there is a system crash the file will be recreated unless you follow the steps below. If you do continue to have system crashes though the file could definitely come in handy when troubleshooting the issue.