It is a software that you can take "memory image with AFF4 format" from your device with Python.
Before taking your memory copy, it obtains information about your memory size. Then, based on this information, it addresses your memory image according to the buffer size and buffer size, and then starts making memory copies of all your applications.
- AccessData FTK Imager
- Windows 11 Build Number 22621.2283
------------------------------------------------------------------------------------------------ IMPORTANT : This program can CURRENTLY take a maximum of 2 GB memory image. ÖNEMLİ : Bu program ŞU ANLIK maksimum 2 GB bellek imajı alabilmektedir. ------------------------------------------------------------------------------------------------ On CMD or PowerShell (Administrator) cd pymem_current_directory bcdedit /set testsigning on Check Memory Compression with "Get-MMAgent" command Disable Memory Compression with "Disable-MMAgent -mc" command Restart...winget install python --source=msstore OR winget install python python -m pip install -r requirements.txt python example.py OR pip install pymem_snapshot (PyPi Link) python example.py
It should not be forgotten that taking a memory image is a serious process. In this process, you may encounter numerous errors, BSODs (Blue Screen of Death), and even memory errors. For this reason, we declare that we are not responsible for any damage that may arise.
For this reason, we recommend that you run your tests in demo environments.
Unutulmamalıdır ki, bellek imajı almak ciddi bir süreçtir. Bu süreçte çok sayıda hata, BSOD (Blue Screen of Death / Mavi Ekran Hataları) ve hatta bellek hatalarıyla karşılaşabilirsiniz. Bu nedenle doğabilecek herhangi bir zarardan sorumlu olmadığımızı beyan ederiz.
Bu nedenle testlerinizi demo ortamlarda yapmanızı tavsiye ederiz.
PyPi Link Great thanks to the Velocidex (WinPMEM) team for providing drivers