consolidation of tooling with Magnet RESPONSE #2

Open
dwmetz opened this issue Jan 10, 2024 · 0 comments
dwmetz commented Jan 10, 2024

Nice work on this project.

Adding the /captureram flag to the Magnet RESPONSE command would give you a DumpIt dump by default, detecting the appropriate architecture, and fall back to Magnet RAM capture if that’s not viable. You wouldn’t need the additional separate EXEs for the different DumpIt versions or Magnet RAM capture. This would require some modification for Belkasoft and Winpmem flow so those would use the current syntax.

.\Collect-MemoryDump.ps1 -Magnet

& $MagnetRESPONSE /accepteula /nodiagnosticdata /unattended /caseref:"Collect-MemoryDump-v1.0" /output:"$OUTPUT_FOLDER\Memory\Pagefile" /captureram /capturepagefile /capturevolatile /captureextendedprocessinfo /saveprocfiles

This would cover DumpIt dump in DMP for all architectures and Magnet RAM Capture for legacy systems.
