How to add or update dependencies

Download

Download the latest version of Collect-MemoryDump from the Releases section.

Note: Collect-MemoryDump does not include all external tools by default.

Because of potential legal issues, you have to download and add following 3rd party dependencies on your own:

• Belkasoft Live RAM Capturer
• Comae-Toolkit
• MAGNET Encrypted Disk Detector
• MAGNET Ram Capture

Copy the required files to following file locations:

Belkasoft Live RAM Capturer
$SCRIPT_DIR\Tools\RamCapturer\x64\msvcp110.dll
$SCRIPT_DIR\Tools\RamCapturer\x64\msvcr110.dll
$SCRIPT_DIR\Tools\RamCapturer\x64\RamCapture64.exe
$SCRIPT_DIR\Tools\RamCapturer\x64\RamCaptureDriver64.sys
$SCRIPT_DIR\Tools\RamCapturer\x86\msvcp110.dll
$SCRIPT_DIR\Tools\RamCapturer\x86\msvcr110.dll
$SCRIPT_DIR\Tools\RamCapturer\x86\RamCapture.exe
$SCRIPT_DIR\Tools\RamCapturer\x86\RamCaptureDriver.sys

Comae-Toolkit
$SCRIPT_DIR\Tools\DumpIt\ARM64\DumpIt.exe
$SCRIPT_DIR\Tools\DumpIt\x64\DumpIt.exe
$SCRIPT_DIR\Tools\DumpIt\x86\DumpIt.exe

MAGNET Encrypted Disk Detector
$SCRIPT_DIR\Tools\EDD\EDDv310.exe

MAGNET Ram Capture
$SCRIPT_DIR\Tools\MRC\MRCv120.exe

Update Dependencies

You can easily upgrade or downgrade dependency versions.

You have to edit "Open Collect-MemoryDump.ps1".

1. Check the supported dependency version in the beginning of the script. Replace the listed version with the version you would like to use.
   Old: DumpIt 3.5.0 (2022-08-02) --> Comae-Toolkit
New: DumpIt 3.6.20220824 (2022-08-24) --> Comae-Toolkit
2. Update the file hashes of your new binary/binaries listed under 'Hash Values (Whitelisting)'.

Fig 1: Hash Values (Whitelisting)

3. Search for 'Verify File Integrity' in the respective function and update the MD5 file hashes.

Fig 2: Update MD5 file hashes (Verify File Integrity)

Last updated: 2022-11-12