CSIRT-Collect v3.0

@dwmetz dwmetz released this 13 Dec 21:52
· 50 commits to main since this release
078cd1e

CSIRT-Collect is a PowerShell script that I wrote to automate the collection of a RAM image as well as a KAPE triage collection. I wanted to preserve the order of volatility and capture the RAM before any other artifact collection occurs. Version 3 by default leverages Magnet RAM Capture to collect the memory. You can utilize Winpmem or DumpIt with a minor code modification.