Collect-MemoryDump – Automated Creation Of Windows Memory Snapshots For DFIR

November 6, 2022

Collect-MemoryDump – Automated Creation of Windows Memory Snapshots for DFIR

Collect-MemoryDump.ps1 is

Fig 3: Automated Creation of Windows Memory Snapshot w/ DumpIt

Fig 4: Automated Creation of Windows Memory Snapshot w/ Magnet RAM Capture

Fig 5: Automated Creation of Windows Memory Snapshot w/ WinPMEM

Fig 6: Automated Creation of Windows Memory Snapshot w/ Belkasoft Live RAM Capturer

Fig 7: Automated Creation of Windows Memory Snapshot w/ DumpIt (Microsoft Crash Dump)

Fig 8: Automated Creation of Windows Memory Snapshot w/ WinPMEM and Pagefile Collection w/ CyLR

Fig 9: Message Box

Fig 10: Secure Archive Container (PW: IncidentResponse) and Logfile.txt

Fig 11: Output Directories

Fig 12: Memory Directories (WinPMEM and Pagefile)

Fig 13: Memory Snapshot (in a forensically sound manner)

Fig 14: Pagefile Collection

Fig 15: Collected System Information

Dependencies

7-Zip 22.01 Standalone Console (2022-07-15)

MAGNET Idea Lab – Apply To Join

Download Collect-MemoryDump

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Releases Two Industrial Control Systems Advisories

April 23, 2024
cybersecurity

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

April 23, 2024