Skip to content

MemProcFS

Category: Memory

Source: GitHub Release

Profiles: Full, Basic

File Extensions: .dmp, .raw, .vmem, .img

Tags: memory-forensics, filesystem

MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.

Tips

To fix the problem with python from Cutter you can run this in the terminal before running MemProcFS: C:\Program Files\PowerShell\7;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\starship\bin\;C:\Program Files\Neovim\bin;C:\Program Files\Go\bin;C:\Program Files\Git\cmd;C:\Program Files\GitHub CLI\;C:\Program Files\PowerShell\7\;C:\Users\reuteras\AppData\Local\Programs\Python\Launcher\;C:\Users\reuteras\AppData\Local\pnpm;C:\Users\reuteras\AppData\Local\Microsoft\WindowsApps;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\AgileBits.1Password.CLI_Microsoft.Winget.Source_8wekyb3d8bbwe.;C:\Users\reuteras\AppData\Local\GitHubDesktop\bin;C:\Program Files\7-Zip;C:\Users\reuteras\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\astral-sh.uv_Microsoft.Winget.Source_8wekyb3d8bbwe;C:\Program Files\Notepad++;D:\Misc\tools\bin;C:\Program Files (x86)\VMware\VMware Workstation;C:\Program Files\Neovim\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Microsoft.Edit_Microsoft.Winget.Source_8wekyb3d8bbwe\edit-1.2.1-x86_64-windows;C:\Users\reuteras.local\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.GNU_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-gnu;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Casey.Just_Microsoft.Winget.Source_8wekyb3d8bbwe;C:\Users\reuteras\go\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Rclone.Rclone_Microsoft.Winget.Source_8wekyb3d8bbwe\rclone-v1.73.3-windows-amd64;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Rclone.Rclone_Microsoft.Winget.Source_8wekyb3d8bbwe\rclone-v1.73.3-windows-amd64 = (C:\Program Files\PowerShell\7;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\starship\bin\;C:\Program Files\Neovim\bin;C:\Program Files\Go\bin;C:\Program Files\Git\cmd;C:\Program Files\GitHub CLI\;C:\Program Files\PowerShell\7\;C:\Users\reuteras\AppData\Local\Programs\Python\Launcher\;C:\Users\reuteras\AppData\Local\pnpm;C:\Users\reuteras\AppData\Local\Microsoft\WindowsApps;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\AgileBits.1Password.CLI_Microsoft.Winget.Source_8wekyb3d8bbwe.;C:\Users\reuteras\AppData\Local\GitHubDesktop\bin;C:\Program Files\7-Zip;C:\Users\reuteras\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\astral-sh.uv_Microsoft.Winget.Source_8wekyb3d8bbwe;C:\Program Files\Notepad++;D:\Misc\tools\bin;C:\Program Files (x86)\VMware\VMware Workstation;C:\Program Files\Neovim\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Microsoft.Edit_Microsoft.Winget.Source_8wekyb3d8bbwe\edit-1.2.1-x86_64-windows;C:\Users\reuteras.local\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\BurntSushi.ripgrep.GNU_Microsoft.Winget.Source_8wekyb3d8bbwe\ripgrep-15.1.0-x86_64-pc-windows-gnu;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Casey.Just_Microsoft.Winget.Source_8wekyb3d8bbwe;C:\Users\reuteras\go\bin;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Rclone.Rclone_Microsoft.Winget.Source_8wekyb3d8bbwe\rclone-v1.73.3-windows-amd64;C:\Users\reuteras\AppData\Local\Microsoft\WinGet\Packages\Rclone.Rclone_Microsoft.Winget.Source_8wekyb3d8bbwe\rclone-v1.73.3-windows-amd64 -split ';' | Where-Object { -notlike 'cutter'}) -join ';'