From ef66a82c26e2633443128f096daf713be60c0f74 Mon Sep 17 00:00:00 2001 From: Meir Wahnon Date: Fri, 13 Nov 2015 23:08:59 +0200 Subject: [PATCH] add Process dump tools --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 0d02283..5864b55 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ A curated list of tools for incident response - [Disk Image Creation Tools](#disk-image-creation-tools) - [Memory Analysis Tools](#memory-analysis-tools) - [Memory Imaging Tools](#memory-imaging-tools) +- [Process Dump Tools](#process-dump-tools) ## IR tools Collection @@ -27,3 +28,7 @@ A curated list of tools for incident response ### Memory Imaging Tools * [OSForensics](http://www.osforensics.com/) - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual process’s memory space or physical memory dump can be done * [Belkasoft Live RAM Capturer](http://forensic.belkasoft.com/en/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system + +### Process Dump Tools +* [PMDump](http://ntsecurity.nu/toolbox/pmdump/) - PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process +* [Microsoft User Mode Process Dumper](http://www.microsoft.com/en-us/download/details.aspx?id=4060) - The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image on the fly
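Review bot: In the second hunk (`@@ -27,3 +28,7 @@`), the Microsoft User Mode Process Dumper entry reads "dumps any running Win32 processes memory image on the fly", which is missing the possessive; suggest "dumps the memory image of any running Win32 process on the fly". Both added entries also link over plain `http://` (`http://ntsecurity.nu/toolbox/pmdump/` and `http://www.microsoft.com/en-us/download/details.aspx?id=4060`). These are tools a responder fetches and runs on a system under investigation, so use `https://` links where the sites serve them, so that the page the tool is fetched from cannot be altered in transit.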