The essence of this paper is to illustrate live data acquisition within the random access memory of a notebook trying to utilize the collected digital evidences in order to partially reconstruct previous Gmail session, which could be probative digital evidence in a court of law. The proposed framework is essentially crucial for the investigation of certain related cybercrimes on the basis of the digital breadcrumb trails being professionally disclosed and appropriately handled. Without loss of generality, the volatile data would vanish forever when the power of the computing devices is no longer sustainable. This research pinpoints the imminent threat of IT savvy cyber criminals and the corresponding counter procedures used to crack criminal cases if web-based e-mail utilities are essentially involved. This paper is focused on the prevalent e-mail utility, Gmail, as the research subject. At last, live digital evidence acquisition must be accurately fulfilled before the seizure of the computing devices in the crime scene to avoid irreversible investigation procedures which mean the digital evidences could be deleted, resulting in the loss of probative evidence.

• 出版日期2012-10