Because the tag is different in lower version of Windows, need to change the tag in scan algorithm 4b29cf1986/volatility/framework/plugins/windows/poolscanner.py (L229)
4b29cf1986/volatility/framework/plugins/windows/poolscanner.py (L229)
- Scan _ETHREAD with PoolTag='Thre' - Parse pid/ppid from _EPROCESS - Build process tree from output log - Static link for machine missing Windows C++ dev environment
