How to Collect Telephonic Evidence for Forensics from a Victim PC
DumpIt is a utility that generates a physical memory dump of Windows machines. It works on both x86 (32-bit) and x64 (64-bit) machines. The raw memory dump is written to the current directory, and the only prompt is a confirmation question before it starts. This makes it well suited to running from a USB key for quick incident response. We are going to use it here to collect telephonic evidence from a victim PC.
First, capture the victim's RAM using DumpIt. (For details, visit here.)
Download Bulk Extractor Viewer (from here) and install it on your PC.
Now open Bulk Extractor Viewer and click the option to generate a report.
Then select the DumpIt image file, select an output folder for the report, and click the button to start bulk extractor.
To investigate the telephone and mobile numbers saved on the victim's machine, open the report and click on telephone.txt.
Also click on telephone_histogram.txt.
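The telephone.txt report from the steps above can also be processed outside the viewer. The following is an added example (not from the original article or the bulk_extractor project) that parses the file, merges formatting variants of the same number, and keeps the offsets where each one was found. The sample lines are constructed, and the layout of "#" comment lines followed by tab-separated offset, feature and context is an assumption about the report format.

```python
import re
from collections import defaultdict

# Constructed sample lines, not real evidence. Assumed feature-file layout:
# "#" comment lines, then offset<TAB>feature<TAB>context.
SAMPLE_TELEPHONE_TXT = (
    "# Feature-Recorder: telephone\n"
    "# Filename: victim-memory.raw\n"
    "1048832\t(555) 010-0142\tCall me at (555) 010-0142 tonight\n"
    "2359411\t555-010-0142\tmobile: 555-010-0142 home\n"
    "7340032-GZIP-219\t555.010.0177\tfax 555.010.0177 office\n"
    "9000000\t(555) 010-0142\tCall me at (555) 010-0142 tonight\n"
)

def parse_features(text):
    """Yield (offset, feature, context) for each record, skipping comments."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t", 2)
        if len(parts) < 2:
            continue  # malformed line: skip it rather than guess its fields
        context = parts[2] if len(parts) == 3 else ""
        # Offsets stay strings: they may be paths such as "7340032-GZIP-219".
        yield parts[0], parts[1], context

def normalize(number):
    """Reduce a phone number to digits so formatting variants compare equal."""
    return re.sub(r"\D", "", number)

def summarize(text):
    """Return [(normalized number, [offsets])], most frequent number first."""
    hits = defaultdict(list)
    for offset, feature, _context in parse_features(text):
        key = normalize(feature)
        if key:
            hits[key].append(offset)
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    # For a real case, read the telephone.txt from the chosen output folder.
    for number, offsets in summarize(SAMPLE_TELEPHONE_TXT):
        print(f"n={len(offsets)}\t{number}\t{', '.join(offsets)}")
```

The offsets kept for each number point back into the memory image, so a hit can be re-examined in its surrounding context.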
With this, we have completed our telephonic evidence collection.