Dump it Tool utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines. The raw memory dump is generated in the current directory, only a confirmation question is prompted before starting. Perfect to deploy the executable on USB keys, for quick incident responses needs. We are going to use its features to Forensic Email Evidence Collection in victim PC.

First capture the victim’s ram using dump it tool. (For details visit here)

Download bulk extractor viewer (from here) and install it in your PC.

Now open bulk extractor viewer and click on to generate report

Then, select the dump it image file and select an output folder for the report and click on start bulk extractor as seen below

Now in order to investigate the victim saved information of Email ID Click on email.txt as seen below

And also click on email_histogram.txt

With this we have comepleted our Forensic Email Evidence Collection.

To learn more about Cyber Forensics. Follow this Link