Skip to content

Releases: Velocidex/WinPmem

Release 4.1

23 Nov 02:25
@scudette scudette
v4.1.dev1
57f829b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 4.1 Pre-release
Pre-release

This is a pre-release for testing of the latest WinPmem 4.1.

In this release the driver is test signed so to test you will need to enable test signing on:

  1. As admin run bcdedit /set testsigning on
  2. Reboot
  3. Use the minitool
  4. To revert use bcdedit /set testsigning off

PS: Dbgprint is set verbose, you can use dbgview.exe from Microsoft Sysinternals to see all of it (check 'kernel capture' in the menu)

Assets 5
Loading

Release 4.0 RC2

12 Oct 01:09
@scudette scudette
v4.0.rc1
8b712ab
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 4.0 RC2 Latest
Latest

This release fixes an issue with the drivers loading on recent Windows versions.

For this release we make available the old "mini" pmem imager based on the old 1.6 branch. This imager is very simple - it can only make raw images. The AFF4 based imager may be back in the future but for now we can produce RAW images.

We started to distribute Winpmem releases directly from this project as it is now separated from the Rekall project (which has been discontinued).

The new drivers implement Fast IO mode so should be faster than before.

There is now also an experimental Go userspace imager which supports 3 methods of compression (Snappy, S2 and Gzip). Use the -h flag to see usage instruction.

Thanks

We would like to thank Emre Tinaztepe and Mehmet GÖKSU at Binalyze as well as Viviane Zwanger for making this release possible.

Assets 5
Loading