winpmem¶

Category: Memory

Homepage: https://github.com/Velocidex/c-aff4

Vendor: Velocidex

License: Apache License 2.0

Source: HTTP

Profiles: Full, Basic

File Extensions: .raw, .aff4

Tags: memory-forensics, acquisition

winpmem is a Windows memory acquisition driver.

Tips¶

The driver is downloaded to C:\downloads.

Use winpmem with compatible acquisition tools.