WinPMEM - a kernel mode driver for gaining access to physical memory.
Version 1.5.2
Copyright 2013 Michael Cohen <scudette@gmail.com>


This directory contains two binaries:

winpmem_1.5.2.exe: The officially supported winpmem binary memory imager. This
contains signed drivers for loading into 64 bit windows versions. The drivers
support only read mode for forensic analysis. Write support is disabled.

winpmem_write_1.5.2.exe: This is a binary with test signed drivers that also have
write support enabled. These will not load on a regular windows machine! In
order to use these drivers you will need to enable test mode signing in your
kernel:

Bcdedit.exe -set TESTSIGNING ON

and reboot.
