Jan 192016
Found a nice tool to grep inside Windows memory made by NCC Group. I use it to get further information about Lynq/Office Communicator. You are able to see the actual presence of an individual (if he really is AFK or if he only set his status to be AFK).
https://github.com/nccgroup/memgrep/releases
C:\Data\NCC\!Code\Git.Public\memgrep\windows\x64\Release>Memgrep.exe -b 20 -a 20 -q -s ninja -x
memgrep - https://www.nccgroup.com/
- https://github.com/nccgroup/memgrep
[i] Will print 20 bytes before hit
[i] Will print 20 bytes after hit
[i] Using the string 'ninja'
[*] Got unicode hit for ninja at 000000001092A52C in Dwm.exe (3444) page starts at 0000000010890000 [rw ] - private
0000 70 00 20 00 36 00 30 00 36 00 34 00 20 00 2d 00 p. .6.0. 6.4. .-.
0010 73 00 20 00 6e 00 69 00 6e 00 6a 00 61 00 20 00 s. .n.i. n.j.a. .
0020 2d 00 78 00 00 00 00 00 15 00 00 00 19 00 00 00 -.x..... ........
0030 ce 23