Create Snapshots

New-ComaeSnapshot simulates a live mode and generates the metadata directly. Using this command prevents the need to re-run analysis in the future as it doesn’t archive a copy of the physical memory. The full signature of the New-ComaeSnapshot command is as follows:

New-ComaeSnapshot [-Directory] <string>

The following cmdlet parameters are in scope to create the Snapshot:

  • Directory parameter is the output directory.

From the PowerShell session execute the New-ComaeSnapshot cmdlet with the Directory parameter:

New-ComaeSnapshot -Directory C:\Comae-Snapshots

The below screenshots show the output from the New-ComaeSnapshot command. The command may take few to complete.