Dump files are exact copies of the entire memory state of a machine, stored as a Microsoft Crash Dump. They are generated on the fly by the Comae DumpIt utility. The full signature of the DumpIt command was previously provided. This section focuses on the Directory parameter and its value, and on the IsCompress parameter.
The Directory parameter tells the cmdlet which directory to write the 2 output files to. The command creates the directory if it doesn't already exist.
IsCompress compresses the output crash dump in an internal format created specifically by Comae Stardust to support large files, e.g. 100Gb. The file extension is then zdmp instead of dmp.
Run the New-ComaeDumpFile command from the PowerShell session:
New-ComaeDumpFile -Directory "C:\Comae-CrashDumps" -IsCompress
The cmdlet takes a few minutes to complete its analysis and create the dmp and json files.
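Once the cmdlet returns, it is worth confirming that both output files exist and recording their hashes before the dump is copied or analysed. The following is an added example, not part of the Comae tooling: Test-DumpOutput and the hashes.csv file name are hypothetical, and it assumes both files are written directly into the directory passed to -Directory.

```powershell
# Added example: verify the acquisition output and record SHA-256 hashes.
# Assumption: the dump and json files sit directly in -Directory.
function Test-DumpOutput {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Directory,
        [switch] $IsCompress   # pass this if the dump was taken with -IsCompress
    )

    # zdmp when the dump was compressed, dmp otherwise (as described above).
    $dumpExt = if ($IsCompress) { '.zdmp' } else { '.dmp' }

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        throw "Output directory not found: $Directory"
    }

    $files = Get-ChildItem -LiteralPath $Directory -File
    $dump  = @($files | Where-Object { $_.Extension -ieq $dumpExt })
    $json  = @($files | Where-Object { $_.Extension -ieq '.json' })

    # Fail loudly on a missing or zero-length dump: that usually means the
    # acquisition was interrupted or the target volume ran out of space.
    if ($dump.Count -eq 0) { throw "No $dumpExt file found in $Directory" }
    if ($json.Count -eq 0) { throw "No .json file found in $Directory" }
    $empty = @($dump | Where-Object { $_.Length -eq 0 })
    if ($empty.Count -gt 0) { throw "Zero-length dump: $($empty[0].Name)" }

    # One record per file, suitable for an evidence log.
    foreach ($f in ($dump + $json)) {
        $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256
        [pscustomobject]@{
            Name         = $f.Name
            Bytes        = $f.Length
            SHA256       = $hash.Hash
            LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
        }
    }
}

# Usage: same directory and compression choice as the command above.
Test-DumpOutput -Directory 'C:\Comae-CrashDumps' -IsCompress |
    Export-Csv -Path 'C:\Comae-CrashDumps\hashes.csv' -NoTypeInformation
```

Hashing a large dump takes time of its own; if the directory holds dumps from earlier runs, every matching file is listed.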