API collection as part of a default memory collection
randomaccess3 opened this issue · 1 comments
randomaccess3 commented
In addition to a memory image it would be good to get the data that you would require for any generic examination collected via the API in the same collection.
This will ensure that even if the memory collection is incomplete or damaged that there is potentially useful information collected already.
scudette commented
This is probably not the goal of this project - For more complete collections you can use Velociraptor and just include winpmem as one of the things to collect.