Collect-MemoryDump – Automated Creation Of Windows Memory Snapshots For DFIR

November 6, 2022

Collect-MemoryDump – Automated Creation of Windows Memory Snapshots for DFIR

Collect-MemoryDump.ps1 is

Fig 3: Automated Creation of Windows Memory Snapshot w/ DumpIt

Fig 4: Automated Creation of Windows Memory Snapshot w/ Magnet RAM Capture

Fig 5: Automated Creation of Windows Memory Snapshot w/ WinPMEM

Fig 6: Automated Creation of Windows Memory Snapshot w/ Belkasoft Live RAM Capturer

Fig 7: Automated Creation of Windows Memory Snapshot w/ DumpIt (Microsoft Crash Dump)

Fig 8: Automated Creation of Windows Memory Snapshot w/ WinPMEM and Pagefile Collection w/ CyLR

Fig 9: Message Box

Fig 10: Secure Archive Container (PW: IncidentResponse) and Logfile.txt

Fig 11: Output Directories

Fig 12: Memory Directories (WinPMEM and Pagefile)

Fig 13: Memory Snapshot (in a forensically sound manner)

Fig 14: Pagefile Collection

Fig 15: Collected System Information

Dependencies

7-Zip 22.01 Standalone Console (2022-07-15)

MAGNET Idea Lab – Apply To Join

Download Collect-MemoryDump

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

attack 2

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

October 30, 2024
paynow

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

October 30, 2024
ads 1

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

October 30, 2024
image

[FOG] – Ransomware Victim: SmartSource (smartsource-inc[.]com)

October 30, 2024
image

[HANDALA] – Ransomware Victim: IM Cannabis

October 30, 2024