google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0

Document memory collection and analysis #362

Open destijl opened 8 years ago

destijl commented 8 years ago

Memory collection has changed drastically in the new release: the memory collector flow has been changed, and now everything is handled by Rekall. Document how people should collect and analyse memory now.

destijl commented 8 years ago

@scudette this still needs doing, but it wasn't a release blocker, so I'm removing it from the milestone.

dwendt commented 7 years ago

Would really appreciate this.

scudette commented 7 years ago

Last I checked, this was not working well because GRR cannot efficiently upload large files. Has that changed?

The actual acquisition is pretty simple - you can either use AnalyzeClientMemory and run the ewfacquire or aff4acquire plugins (depending on what kind of image you want), or just run the MemoryCollector.