New-ComaeSnapshot simulates a live mode and generates the metadata directly. Using this command prevents the need to re-run analysis in the future as it doesn’t archive a copy of the physical memory. The full signature of the New-ComaeSnapshot command is as follows:
New-ComaeSnapshot [-Directory] <string>
The following cmdlet parameters are in scope to create the Snapshot:
- Directory parameter is the output directory.
From the PowerShell session execute the New-ComaeSnapshot cmdlet with the Directory parameter:
New-ComaeSnapshot -Directory “C:\Comae-Snapshots”
The below screenshots show the output from the New-ComaeSnapshot command. The command may take few to complete.