weyne/kaliwiki
1
0
Fork 0
mirror of https://github.com/mubix/kaliwiki.git synced 2025-10-29 16:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
kaliwiki/tools/pdgmail.md
Stefan Molls 788305a83e Added forensics section
2014-04-23 10:38:32 -05:00

841 B
Raw Blame History

pdgmail

Notes

Gather gmail artifacts from a pd process memory dump

Help Text

Usage: /usr/bin/pdgmail [OPTIONS]

Options:
   -f, --file       the file to use (stdin if no file given)
   -b, --bodies	    don't look for message bodies (helpful if you're getting too many false positives on the mb regex)
   -h, --help	    prints this 
   -v,--verbose	    be verbose (prints filename, other junk)
   -V,--version     prints just the version info and exits.
   
This expects to be unleashed on the result of running strings -el on a pd dump from windows process memory. 
Anything other than that, your mileage will certainly vary.

Example Usage

strings -el memory.dump | pdgmail | less

Links

[1] http://digital-forensics.sans.org/blog/2008/10/20/pdgmail-new-tool-for-gmail-memory-forensics/