consolidation of tooling with Magnet RESPONSE

[dwmetz]

Nice work on this project.

Adding the /captureram flag to the Magnet RESPONSE command would give you a DumpIt dump by default, detecting the appropriate architecture, and fall back to Magnet RAM capture if that’s not viable. You wouldn’t need the additional separate exe’s for the different DumpIt versions or Magnet RAM capture. This would require some modification for Belkasoft and Winpmem flow so those would use the current syntax.

.\Collect-MemoryDump.ps1 -Magnet

& $MagnetRESPONSE /accepteula /nodiagnosticdata /unattended /caseref:"Collect-MemoryDump-v1.0" /output:"$OUTPUT_FOLDER\Memory\Pagefile" /captureram /capturepagefile /capturevolatile /captureextendedprocessinfo /saveprocfiles

This would cover DumpIt dump in DMP for all architectures and Magnet RAM Capture for legacy systems.