PyMem - Memory Acquisition Tool

PyMem - Memory Acquisition Tool

README.md

@@ -37,7 +37,6 @@
 For this reason, we recommend that you run your tests in demo environments.</p>
 <p>Unutulmamalıdır ki, bellek imajı almak ciddi bir süreçtir. Bu süreçte çok sayıda hata, BSOD (Blue Screen of Death / Mavi Ekran Hataları) ve hatta bellek hatalarıyla karşılaşabilirsiniz. Bu nedenle doğabilecek herhangi bir zarardan sorumlu olmadığımızı beyan ederiz. 
 
-
 Bu nedenle testlerinizi demo ortamlarda yapmanızı tavsiye ederiz.</p>
 <h2>Thanks</h2>
 <b>Great thanks to the <a target="_blank" href="https://github.com/Velocidex/WinPmem">Velocidex (WinPMEM)</a> team for providing drivers</b>

src/pymem.egg-info/PKG-INFO

@@ -0,0 +1,61 @@
+Metadata-Version: 2.1
+Name: pymem
+Version: 0.0.20
+Summary: PyMem - Memory Acquisition Tool
+Home-page: https://github.com/alicangnll/pymem
+Author: Ali Can Gönüllü
+Author-email: [email protected]
+License: Mozilla Public License 2.0
+Project-URL: Bug Report, https://github.com/alicangnll/pymem/issues/new
+Classifier: License :: OSI Approved :: Mozilla Public License 2.0
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+
+# PyMem - Get Memory Image on Windows
+<h2>What is this ?</h2>
+<p>It is a software that you can take memory image from your device with Python.</p>
+<h2>How is it working ?</h2>
+<p>Before taking your memory copy, it obtains information about your memory size. Then, based on this information, it addresses your memory image according to the buffer size and buffer size, and then starts making memory copies of all your applications.</p>
+<h2>Tested Image Forensic Softwares</h2>
+<ul>
+  <li>AccessData FTK Imager</li>
+</ul>
+<h2>Tested OS (on Virtual Machine)</h2>
+<ul>
+  <li>Windows 11 Build Number 22621.2283</li>
+</ul>
+<h2>Images</h2>
+<img src="pic/ftk_imager_test.png" />
+<br>
+<img src="pic/wintest.png" />
+<h2>Installation</h2>
+<pre>
+  On CMD or PowerShell (Administrator)
+  cd pymem_current_directory
+  bcdedit /set testsigning on
+  Check Memory Compression with "Get-MMAgent" command
+  Disable Memory Compression with "Disable-MMAgent -mc" command
+  Restart...
+
+  winget install python --source=msstore
+  OR
+  winget install python
+  python -m pip install -r requirements.txt
+  python example.py
+  NOTE : You must NEED Visual Studio C++ Libraries!!
+</pre>
+<h2>Disclaimer</h2>
+<p>It should not be forgotten that taking a memory image is a serious process. In this process, you may encounter numerous errors, BSODs (Blue Screen of Death), and even memory errors. For this reason, we declare that we are not responsible for any damage that may arise.
+
+For this reason, we recommend that you run your tests in demo environments.</p>
+<p>Unutulmamalıdır ki, bellek imajı almak ciddi bir süreçtir. Bu süreçte çok sayıda hata, BSOD (Blue Screen of Death / Mavi Ekran Hataları) ve hatta bellek hatalarıyla karşılaşabilirsiniz. Bu nedenle doğabilecek herhangi bir zarardan sorumlu olmadığımızı beyan ederiz. 
+
+Bu nedenle testlerinizi demo ortamlarda yapmanızı tavsiye ederiz.</p>
+<h2>Thanks</h2>
+<b>Great thanks to the <a target="_blank" href="https://github.com/Velocidex/WinPmem">Velocidex (WinPMEM)</a> team for providing drivers</b>

src/pymem.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+LICENSE
+README.md
+setup.cfg
+setup.py
+src/pymem.egg-info/PKG-INFO
+src/pymem.egg-info/SOURCES.txt
+src/pymem.egg-info/dependency_links.txt
+src/pymem.egg-info/requires.txt
+src/pymem.egg-info/top_level.txt

src/pymem.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

src/pymem.egg-info/requires.txt

@@ -0,0 +1 @@
+pywin32

src/pymem.egg-info/top_level.txt

@@ -0,0 +1 @@
+pymem