This white paper presents an in-depth analysis of security vulnerabilities found in WinpMem, an open-source forensic memory acquisition driver widely used in digital investigations. Although the driver was initially designed to provide memory captures for tools such as Volatility or Velociraptor, our research uncovered critical flaws in its design and implementation, including a time-of-check to time-of-use (TOCTOU) condition and an original “write-zero-where” vulnerability turned into a novel kind of “write-anything-where” primitive. We detail the technical foundations of these issues, their potential exploitation paths, and their broader implications for system security, particularly in the context of the “Bring Your Own Vulnerable Driver” (BYOVD) threat model. This work was first presented at Recon 2025 in Montreal, highlighting not only the risks associated with forensic and security drivers but also the importance of secure coding practices in low-level system software. The findings are relevant for security researchers, forensic practitioners, and system developers seeking to understand both the opportunities and the risks that memory acquisition drivers can introduce.