WinPmem

WinPmem can be deployed on remote systems through native remote-administration tools such as Remote Desktop or PsExec. Once installed on the remote system, the output of WinPmem can be piped to another system using NetCat. For example, suppose that the incident response analyst is working from a system located at 192.168.0.56. If the analyst can access the compromised host via PsExec or RDS, they can establish a NetCat connection back to their machine using the following command:

C:/winpmem-2.1.exe - | nc 192.168.0.56 4455

The preceding command directs the system to perform the capture and send the output via NetCat to the incident response analyst's workstation over port 4455. The drawback of this technique is that it requires access to the Command Prompt as well as the installation of both NetCat and WinPmem on the compromised host. This may not be the best option if the incident response analyst is dealing with a system that is already suspected of being compromised.
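As an added example (not part of the original text), the analyst-side half of the hand-off above: a POSIX shell script for the workstation at 192.168.0.56 that receives the stream, refuses an empty capture (the usual symptom when the remote capture never started), and records a SHA-256 hash so the image's integrity can be verified later. The function names, the acquisitions.log record and the traditional netcat -l -p listener syntax are assumptions.

```shell
#!/bin/sh
# Receiver for a remote WinPmem capture piped over NetCat (added example).
# Assumes sha256sum and a traditional netcat on the analyst workstation.

ACQ_LOG="${ACQ_LOG:-acquisitions.log}"

# receive_image OUTFILE STREAM_CMD...: run STREAM_CMD (normally the netcat
# listener), write its stdout to OUTFILE, then write OUTFILE.sha256 and one
# tab-separated record (UTC time, path, size, hash) to ACQ_LOG.
# Returns 1 if the stream command fails and 2 if nothing was received.
receive_image() {
    out="$1"; shift
    "$@" > "$out" || return 1
    size=$(wc -c < "$out" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo "no data received for $out" >&2
        return 2
    fi
    hash=$(sha256sum "$out" | cut -d' ' -f1)
    echo "$hash  $(basename "$out")" > "$out.sha256"
    printf '%s\t%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$out" "$size" "$hash" >> "$ACQ_LOG"
    echo "$hash"
}

# verify_image OUTFILE: re-hash the image and compare it with the manifest
# written at acquisition time; exit status 0 means the image is unchanged.
verify_image() {
    out="$1"
    ( cd "$(dirname "$out")" && sha256sum -c "$(basename "$out").sha256" ) \
        > /dev/null 2>&1
}

# Live use, matching the port in the capture command above:
#   receive_image /cases/case01/host.raw nc -l -p 4455
```

Start the listener before running the WinPmem command on the remote host, otherwise the connection is refused and no image is written.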
