Dump it Tool utility is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines. The system generates the raw memory dump in the current directory, and it prompts a confirmation question before starting. Perfect to deploy the executable on USB keys, for quick incident responses needs. We are going to use its features to Social Media Forensic Analysis in Victim PC.

Firstly capture the victim’s ram using dump it tool. (For details visit here)

Download bulk extractor viewer (from here) and install it in your PC.

Now open bulk extractor viewer and click on to generate report

Then, select the dump it image file and select an output folder for the report and click on start bulk extractor as seen below.

The image might take some time to extract. Screenshot as given below.

Then, in order to investigate the victim saved information of Facebook (like images, id, etc), select url_facebook-address.txt as seen below

To investigate LinkedIn, select url.txt and search LinkedIn. Now you can see the LinkedIn id which is used in victim’s PC.

Finally, you can do the same procedure to investigate other accounts as shown below (twitter)

With this we have comepleted our Social Media Forensic Analysis in Victim PC.

To learn more about Cyber Forensics. Follow this Link