Skip to content

schladt/GoPmem

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
res
res
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bindata.go
bindata.go
 
 
pmem.go
pmem.go
 
 

Repository files navigation

GoPmem

Physical memory acquisition tool written in Go

Go port of https://github.com/google/rekall/blob/master/tools/windows/winpmem/winpmem.py Rekall's pmem suite of tools found here https://github.com/google/rekall/tree/master/tools/pmem (Copyright 2012 Michael Cohen scudette@gmail.com)

Usage of GoPmem.exe:
  -device string
        Name of kernel driver device (default "pmem")
  -filename string
        Name of output file (default "memdump.bin")
  -load
        Load Winpmem driver and exit
  -mode string
        The acquisition mode [ physical | iospace | pte | pte_pci ] (default "physical")
  -unload
        Unload Winpmem driver and exit

About

Physical memory acquisition tool written in Go

Resources

Readme

License

GPL-2.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages