Machine Acquisition

Running the Comae DumpIt utility with the /Q (for quiet) option is used to automatically answer confirmation prompts, such as Proceed with the acquisition? [y/n], when running memory acquisition in a script.


Windows Scheduled Tasks can be setup to run the DumpIt program as a time-based utility and generate a historical record of machine activity. Doing so enables retro-hunting investigations.