7 May 2011

Retrieve Temporary RAM Data

What is RAM?
RAM (Random Access Memory) is a hardware circuit that the computer uses as temporary storage memory.

How Do We See the Temporary Data in RAM?
Many people want to see the temporary data in RAM for purposes such as forensics, retrieving some temporary data, or for fun. You can also see the current chat history, URLs, data, etc.
Method:
Step 1. First we have to obtain the RAM data as an image (it contains data about any file). To do this, we need a command-line program called MDD (ManTech Physical Memory Dump) [only 95 KB].
 

MDD is a physical memory acquisition tool for imaging Windows based computers created by the innovative minds at ManTech International Corporation. MDD is capable of acquiring memory images from Win2000, XP, Vista and Windows Server.
You can download this program from:
http://sourceforge.net/projects/mdd/files/mdd/mdd-1.3/mdd_1.3.exe/download

 
Step 2. Now you have to run this program. You cannot open it directly. To run it, open a DOS prompt:

Start ==> Run ==> CMD and press Enter.
It shows C:\Users\Sonu>
The file is in the Downloads folder, so go to the Downloads folder with “CD Downloads”.
Now you are in the Downloads folder: C:\Users\Sonu\Downloads>
Now type “mdd_1.3.exe” as C:\Users\Sonu\Downloads>mdd_1.3.exe
You can see the MDD help.
To obtain the image:
Give the command “mdd_1.3.exe -o D:\MyRam.img” without the quotation marks, as C:\Users\Sonu\Downloads>mdd_1.3.exe -o D:\MyRam.img
After some seconds you get the image of the RAM temporary memory on local disk D: as MyRam.img.


 

Step 3. Now we have to get the text (strings) from the image file. We need a DOS program called Strings (only 72 KB).
Download this program from here ==> http://download.sysinternals.com/Files/Strings.zip
 

Now extract the file. You will see a Strings folder. The Strings.exe program is found in the Strings directory.
To run this program:

Open a DOS prompt by Start ==> Run ==> CMD and press Enter.
It shows C:\Users\Sonu>
The file is in the Downloads folder, so go to the Downloads folder with “CD Downloads”.
Now you are in the Downloads folder: C:\Users\Sonu\Downloads>
Now go to the Strings folder with “CD Strings”, which gives C:\Users\Sonu\Downloads\Strings>
Now type “strings.exe” as C:\Users\Sonu\Downloads\Strings>strings.exe
You see the Strings program help.


To obtain the strings from the image file:
Give the command “Strings.exe D:\MyRam.img > Output.txt” as C:\Users\Sonu\Downloads\Strings>Strings.exe D:\MyRam.img > Output.txt


Here MyRam.img is your image file and Output.txt is the text file which contains all the strings.
 

A new text file is generated in your Strings folder as Output.txt. Open the Output.txt file with Notepad, and you can see all the current history, typed keys, website names, URLs and more.
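Output.txt from a full RAM image is usually too large to read in Notepad, so an examiner normally filters it. The following Python sketch is an added example, not part of the original article or of the Sysinternals tool: it does the step 3 extraction itself, scanning the image for both ASCII and UTF-16LE text (Windows keeps much of its text in the latter), and reports only URLs with their byte offsets in the image. The function names and the sample bytes are assumptions made for illustration.

```python
import mmap
import re
import sys

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def extract_strings(path, min_len=4):
    """Yield (byte_offset, encoding, text) for printable runs in a raw image."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE text in the printable ASCII range is each byte followed by 0x00.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    with open(path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mem:
        # mmap lets the regex walk a multi-gigabyte image without loading it.
        for m in ascii_re.finditer(mem):
            yield m.start(), "ascii", m.group().decode("ascii")
        for m in wide_re.finditer(mem):
            yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def find_urls(path):
    """Return sorted (byte_offset, encoding, url) tuples found in the image."""
    hits = []
    for offset, enc, text in extract_strings(path):
        width = 2 if enc == "utf-16le" else 1  # bytes per character
        for m in URL_RE.finditer(text):
            hits.append((offset + m.start() * width, enc, m.group()))
    return sorted(hits)

def build_sample_image(path):
    """Write a small constructed stand-in for a RAM image (not a real dump)."""
    blob = (b"\x00" * 64
            + b"GET http://example.test/login?user=alice HTTP/1.1\r\n"
            + b"\xff\xfe\x01" * 10
            + "https://chat.example.test/room/42".encode("utf-16-le")
            + b"\x00\x00ab\x01cd" + b"\x90" * 32)
    with open(path, "wb") as f:
        f.write(blob)

if __name__ == "__main__":
    # Usage: python ram_urls.py D:\MyRam.img
    for offset, enc, url in find_urls(sys.argv[1]):
        print(f"0x{offset:08x}  {enc:8}  {url}")
```

The byte offset lets you return to the same spot in MyRam.img with a hex viewer and read the data around each hit.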







1 comment:

Richard C. Lambert said...

I am definitely enjoying your website. You definitely have some great insight and great stories. recover deleted files from USB