PyMem - Memory Acquisition Tool
PyMem - Get Memory Image on Windows
What is this?
It is software that lets you take a memory image of your device with Python.
How does it work?
Before copying your memory, it obtains information about your memory size. Then, based on this information, it addresses your memory image according to the buffer size, and then starts making memory copies of all your applications.
Tested Image Forensic Software
- AccessData FTK Imager
Tested OS (on Virtual Machine)
- Windows 11 Build Number 22621.2283
Installation
On CMD or PowerShell (Administrator):
- cd pymem_current_directory
- bcdedit /set testsigning on
- Check Memory Compression with the "Get-MMAgent" command
- Disable Memory Compression with the "Disable-MMAgent -mc" command
- Restart...
- winget install python --source=msstore OR winget install python
- python -m pip install -r requirements.txt
- python example.py
NOTE: You need the Visual Studio C++ libraries!
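A read-only preflight for the steps above, as an added example that is not part of the PyMem project: it reports whether the session is elevated, whether test signing is on, and whether Memory Compression is still enabled. The function name and result fields are hypothetical, and the bcdedit parsing assumes English-language output.

```powershell
# Added example (not PyMem code): checks the prerequisites without changing them.
# Test-PyMemPrerequisites and its result fields are hypothetical names.
function Test-PyMemPrerequisites {
    $result = [ordered]@{
        IsAdministrator          = $false
        TestSigningOn            = $null
        MemoryCompressionEnabled = $null
    }

    # bcdedit and Get-MMAgent both need an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $result.IsAdministrator = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $result.IsAdministrator) {
        return [pscustomobject]$result
    }

    # "bcdedit /set testsigning on" shows up as a "testsigning  Yes" line
    # on the current boot entry. Assumption: English-language bcdedit output.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    $result.TestSigningOn =
        [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes\s*$')

    # Get-MMAgent reports MemoryCompression as True or False.
    $result.MemoryCompressionEnabled = [bool](Get-MMAgent).MemoryCompression

    return [pscustomobject]$result
}

$state = Test-PyMemPrerequisites
$state | Format-List

if (-not $state.IsAdministrator) {
    Write-Warning 'Not elevated: reopen CMD or PowerShell as Administrator.'
} elseif (-not $state.TestSigningOn) {
    Write-Warning 'Test signing is off: run "bcdedit /set testsigning on" and restart.'
} elseif ($state.MemoryCompressionEnabled) {
    Write-Warning 'Memory Compression is enabled: run "Disable-MMAgent -mc" and restart.'
} else {
    Write-Output 'Prerequisites from the installation steps are in place.'
}
```

Test signing relaxes Windows driver signature enforcement, so on a machine that is not a disposable test VM, `bcdedit /set testsigning off` followed by a restart restores the default once the image has been taken.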
Disclaimer
It should not be forgotten that taking a memory image is a serious process. In this process, you may encounter numerous errors, BSODs (Blue Screen of Death), and even memory errors. For this reason, we declare that we are not responsible for any damage that may arise.
For this reason, we recommend that you run your tests in demo environments.
Thanks
Many thanks to the Velocidex (WinPMEM) team for providing drivers.