Information Security

pdgmail: Backtrack: Forensics: RAM Forensics Tools: pdgmail

We received a request for an article on pdgmail, a Python script that analyzes Windows and Linux browser process dumps taken while the browser had Gmail open. I was able to test on 32-bit Windows 7, 64-bit Ubuntu 10.04 LTS, and 32-bit Ubuntu 10.04 LTS. Unfortunately, the methods I used did not work properly on 64-bit Ubuntu; however, they worked perfectly on both 32-bit operating systems I tested. Below I describe how pdgmail can be used on a Firefox process memory dump captured with Process Dumper on Backtrack Linux, which is technically Ubuntu 10.04 LTS.

Technology Insights

Create a SVN Repository, Then Import a SVN Repo Into The New SVN Repo

The text below describes creating a SVN repository from a CentOS Linux shell, followed by importing a SVN repository dump into the newly created repository. This can be useful for many reasons, including moving servers or simply moving the location of an SVN repo.

If you don’t have subversion installed, go ahead and do so now. The below command can be issued from the shell of a CentOS Linux server, using yum to install subversion.

Technology Insights

Can I delete MEMORY.DMP and How To Minimize MEMORY.DMP Size

The MEMORY.DMP file is a debug file that is generated by a system crash of some sort on Windows XP. The size of this file by default can be over 2GB, and it is typically never used by the average user. If you continue to have system crashes and want to really look into the issue, then the MEMORY.DMP file could be very useful. By default this file is located in the “C:\WINDOWS” directory, but the location of the dump can be modified, along with what is actually written into the system dump.

So can the MEMORY.DMP file be deleted? The short answer is yes, it can be deleted; however, every time there is a system crash the file will be recreated unless you follow the steps below. If you do continue to have system crashes, though, the file could definitely come in handy when troubleshooting the issue.