Because the universe hates me, I've been given an E01 of a RAM dump (from Win7SP1x64) and I have to use Windows to run Volatility.

I have p99 of tAoMF in front of me.

I tried the "Mount in FTK Imager and point to Z:\unallocated space" thing, but pslist showed only 1 entry which looked very corrupt.

I don't have access to EnCase to mount it from there.

So I'd like to use libewf. But can I even use it on Windows?? If I compile the library, how do I tell Volatility about the libewf.dll?

Basically, how do I use Volatility with libewf on Windows?

Thank you,

Adam