CDIR Collector v1.3.3
CDIR Collector v1.3.3 (Digitally Signed)
https://www.cyberdefense.jp/download/cdir-collector_1.3.3.zip
- Imported Pull Request #4
- Updated Winpmem 2.1.post4 to 3.2
- Updated LibreSSL 2.4.1 to 2.5.5
Note
To extract raw data from an AFF4 memory dump acquired by CDIR Collector v1.3.3 (Winpmem 3.2), run the following command:
> winpmem.exe -dd -e */PhysicalMemory -D OUTPUTDIR RAM_COMPUTERNAME.aff4
or
> winpmem.exe -V RAM_COMPUTERNAME.aff4
> winpmem.exe -dd -e "aff4://UUID/PhysicalMemory" -D OUTPUTDIR RAM_COMPUTERNAME.aff4
We've found that Winpmem 3.2 consumes more memory than Winpmem 2.1.post4. If you want to use Winpmem 2.1.post4 instead of Winpmem 3.2, you must have MemoryDumpCmdline enabled in cdir.ini.