scudette
commented
4 years ago This is probably not the goal of this project - For more complete collections you can use Velociraptor and just include winpmem as one of the things to collect.
Closed randomaccess3 closed 4 years ago
scudette
commented
4 years ago This is probably not the goal of this project - For more complete collections you can use Velociraptor and just include winpmem as one of the things to collect.
In addition to a memory image it would be good to get the data that you would require for any generic examination collected via the API in the same collection.
This will ensure that even if the memory collection is incomplete or damaged that there is potentially useful information collected already.