Dargslan.WinMemoryForensic

2.0.0

Windows memory forensics toolkit — loaded DLLs, injected threads, hollow processes, memory-only malware indicators, and anomaly detection

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name Dargslan.WinMemoryForensic

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name Dargslan.WinMemoryForensic

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2026 Dargslan. All rights reserved.

Package Details

Author(s)

  • Dargslan

Tags

memory forensics dll-injection hollow threads malware detection security sysadmin dargslan 2026

Functions

Get-MemoryForensicScan

Dependencies

  • .NETStandard 2.0

    • No dependencies.

Release Notes

2026 Edition — Part of the Dargslan Windows Admin Toolkit. Visit https://dargslan.com/

FileList

Version History

Version Downloads Last updated
2.0.0 (current version) 2 4/14/2026