Physical memory acquisition tool written in Go
Go port of Rekall's pmem suite of tools found here (Copyright 2012 Michael Cohen [email protected])
Usage of GoPmem.exe:
-device string
Name of kernel driver device (default "pmem")
-filename string
Name of output file (default "memdump.bin")
Load Winpmem driver and exit
-mode string
The acquisition mode [ physical | iospace | pte | pte_pci ] (default "physical")
Unload Winpmem driver and exit