We've already posted a way to capture RAM using DumpIt. In this blog post we're going to show you how you can dump clear-text chat messages from memory, so let's do it.





Capturing Data





Before capturing data, we'll quickly use our browser to send some messages. I'm using Google Hangout messenger.









Hangout messages









We can use the same DumpIt here too, but let's not limit ourselves to it. We'll use RamCapturer this time, so just grab it from this URL and dump the RAM with it.





Ram Capturer





Now open the memory dump using WinHex, which is also publicly available to download at the following URL. Let's open the dump in WinHex, search for the keyword hangout, and see what we get.





Hangout keyword search


hangout forensics

hangout message found






So upon searching for the hangout keyword I got many results, and analyzing them one by one was difficult, so I kept on trying and finally found a string which is in every Hangout message, and I just searched for that string in WinHex. The string is:

Below are the results.

And there it is: we can find various things like emails etc. just using some wildcards and regexes. Hope it'll help.
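The keyword and regex search described above can also be scripted for triage of a raw dump; this is an added example, not the author's tooling. It assumes the keyword "hangout" (the post's marker string is not reproduced on the page), an illustrative e-mail pattern and a minimum string length of 6, and it checks both ASCII and UTF-16LE strings, since browser text in Windows memory is often stored as the latter.

```python
import mmap
import re

MIN_LEN = 6  # shortest printable run worth reporting (assumed threshold)
# Printable runs as stored by 8-bit code and by UTF-16LE (wide) strings.
RUNS = {
    "ascii": re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN),
    "utf-16-le": re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN),
}
# Illustrative e-mail pattern (assumption; the post does not give its regex).
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def scan_dump(path, keyword="hangout"):
    """Return sorted (offset, encoding, emails, text) hits for printable runs
    that contain the keyword (case-insensitive) or an e-mail address."""
    hits = []
    with open(path, "rb") as fh:
        try:
            # mmap lets the regex walk a multi-GB dump without loading it.
            mem = mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ)
        except ValueError:  # a zero-length file cannot be mapped
            return hits
        with mem:
            for enc, run in RUNS.items():
                for m in run.finditer(mem):
                    text = m.group().decode(enc)
                    emails = EMAIL.findall(text)
                    if emails or keyword.lower() in text.lower():
                        hits.append((m.start(), enc, emails, text))
    return sorted(hits)


if __name__ == "__main__":
    import os
    import tempfile
    # Constructed sample "dump": noise plus one ASCII and one UTF-16LE string.
    sample = (b"\x00\x01\xff" * 50 + b"https://hangouts.example/chat"
              + b"\x00\x90" * 40
              + "from: alice@example.com hi".encode("utf-16-le") + b"\xfe" * 20)
    with tempfile.NamedTemporaryFile(delete=False, suffix=".mem") as tmp:
        tmp.write(sample)
    for off, enc, emails, text in scan_dump(tmp.name):
        print(f"0x{off:08x} {enc:9} {emails} {text!r}")
    os.unlink(tmp.name)
```

The reported offsets are byte positions in the dump file, so each hit can be opened at the same offset in WinHex to inspect the surrounding memory.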