/proc/\[PID\]/cmdline
/proc/\[PID\]/maps
/proc/\[PID\]/mem
gnome-keyring-daemon
process's memory to our disk in order to extract the logged-in user(s) password(s) since its stored in as a plan text in memory. Moreover, we know that it comes after "libgck-1" or "libgcrypt" strings in memory. We'll brack that a parts then put it together.