Commit 3988a20

Collect-MemoryDump v1.0
1 parent 14fe394 commit 3988a20

1 file changed

+19
-19
lines changed

README.md

Lines changed: 19 additions & 19 deletions
@@ -86,61 +86,61 @@ https://www.microsoft.com/en-us/download/details.aspx?id=17718
8686
> [!IMPORTANT]
8787
> MAGNET DumpIt for Windows does NOT support Windows 7 target systems. Please use any of the other memory acquisition tools when dealing with Windows 7.
8888
89-
![Help-Message](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/01.png)
89+
![Help-Message](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/01.png)
9090
**Fig 1:** Help Message
9191

92-
![AvailableSpace](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/02.png)
92+
![AvailableSpace](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/02.png)
9393
**Fig 2:** Check Available Space
9494

95-
![DumpIt - Microsoft Crash Dump](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/03.png)
95+
![DumpIt - Microsoft Crash Dump](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/03.png)
9696
**Fig 3:** Automated Creation of Windows Memory Snapshot w/ MAGNET DumpIt for Windows (incl. Pagefile)
9797

98-
![DumpIt - Raw Physical Memory Dump](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/04.png)
98+
![DumpIt - Raw Physical Memory Dump](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/04.png)
9999
**Fig 4:** Automated Creation of Windows Memory Snapshot w/ MAGNET DumpIt for Windows (incl. Pagefile)
100100

101-
![WinPMEM](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/05.png)
101+
![WinPMEM](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/05.png)
102102
**Fig 5:** Automated Creation of Windows Memory Snapshot w/ WinPMEM (incl. Pagefile)
103103

104-
![Belkasoft](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/06.png)
104+
![Belkasoft](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/06.png)
105105
**Fig 6:** Automated Creation of Windows Memory Snapshot w/ Belkasoft Live RAM Capturer (incl. Pagefile)
106106

107-
![Pagefile Collection](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/07.png)
107+
![Pagefile Collection](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/07.png)
108108
**Fig 7:** Pagefile Collection w/ MAGNET Response
109109

110-
![Process-Module Information](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/08.png)
110+
![Process-Module Information](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/08.png)
111111
**Fig 8:** Collecting Running Process/Module Information w/ MAGNET Response
112112

113-
![MessageBox](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/09.png)
113+
![MessageBox](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/09.png)
114114
**Fig 9:** Message Box
115115

116-
![MAGNET RAM Capture GUI](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/10.png)
116+
![MAGNET RAM Capture GUI](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/10.png)
117117
**Fig 10:** MAGNET RAM Capture
118118

119-
![MAGNET RAM Capture](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/11.png)
119+
![MAGNET RAM Capture](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/11.png)
120120
**Fig 11:** Automated Creation of Windows Memory Snapshot w/ MAGNET RAM Capture
121121

122-
![MessageBox - Memory Snapshot created successfully](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/12.png)
122+
![MessageBox - Memory Snapshot created successfully](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/12.png)
123123
**Fig 12:** Message Box
124124

125-
![SecureArchive](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/13.png)
125+
![SecureArchive](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/13.png)
126126
**Fig 13:** Secure Archive Container (PW: IncidentResponse) and Logfile.txt
127127

128-
![OutputDirectories](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/14.png)
128+
![OutputDirectories](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/14.png)
129129
**Fig 14:** Output Directories
130130

131-
![MemoryDirectories](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/15.png)
131+
![MemoryDirectories](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/15.png)
132132
**Fig 15:** Memory Directories (DumpIt and Pagefile)
133133

134-
![Memory](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/16.png)
134+
![Memory](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/16.png)
135135
**Fig 16:** Memory Snapshot (in a forensically sound manner)
136136

137-
![PageFileInfo](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/17.png)
137+
![PageFileInfo](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/17.png)
138138
**Fig 17:** Pagefile and PageFileInfo
139139

140-
![Pagefile Collection](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/18.png)
140+
![Pagefile Collection](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/18.png)
141141
**Fig 18:** Pagefile Collection (in a forensically sound manner)
142142

143-
![SystemInfo](https://github.com/evild3ad/Collect-MemoryDump/blob/3aa95e224d0613681d5cd1baaf3e8a22da40bf68/Screenshots/19.png)
143+
![SystemInfo](https://github.com/evild3ad/Collect-MemoryDump/blob/14fe3946daa65ee553050121d3a5e316236f67d3/Screenshots/19.png)
144144
**Fig 19:** Collected System Information
145145

146146
## Dependencies
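
Review bot: All 19 changed image lines (Fig 1 through Fig 19) hard-code an absolute blob URL pinned to commit 14fe3946daa65ee553050121d3a5e316236f67d3, the parent of this commit, so the README keeps showing the screenshots as they were at that commit and every screenshot refresh needs another 19-line rewrite like this one. Consider repo-relative paths such as `Screenshots/01.png`, which resolve against whichever revision of the README is being viewed. Separately, in the unchanged context lines, Fig 3 and Fig 4 carry the same caption although their alt texts differ ("DumpIt - Microsoft Crash Dump" vs. "DumpIt - Raw Physical Memory Dump"); the Fig 4 caption probably needs to name the raw physical memory dump.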
