Journal of Computers, Vol 5, No 4 (2010), 541-548, Apr 2010
doi:10.4304/jcp.5.4.541-548

Memory Forensics for QQ from a Live System

Yuhang Gao, Tianjie Cao

Abstract


This paper details techniques for collecting sensitive information from the QQ client, the most popular instant messaging (IM) client in China. We have managed to acquire the contact list, the QQ account, the chat records, the QQ discussion group, the display names and the contents of the network notepad, all of which are of great interest to examiners. Moreover, because the techniques we use to search for processes can reveal terminated and hidden processes, we are very likely to find sensitive information as long as somebody has logged in to the QQ client. We also propose a method of reconstructing the process space by integrating the paging file into the memory dump file. We have reconstructed the process space of the QQ client in this way and managed to narrow down the scale of sensitive information about QQ.


Keywords


instant messaging; the QQ client; memory forensics; Microsoft Windows; memory analysis



Journal of Computers (JCP, ISSN 1796-203X)

Copyright @ 2006-2012 by ACADEMY PUBLISHER – All rights reserved.