The sole purpose of this short posting is to provide you with an extended snippet for your magic(5) file. Now file(1) can identify both 32bit and 64bit versions of crash dumps and tell the most important of their properties.
0 string PAGE Microsoft Windows crash dump >4 string DUMP \b, 32bit >>0x05c byte 0 \b, no PAE >>0x05c byte 1 \b, PAE >>0xf88 lelong 1 \b, full dump >>0xf88 lelong 2 \b, kernel dump >>0xf88 lelong 3 \b, small dump >>0x068 lelong x \b, %ld pages >4 string DU64 \b, 64bit >>0xf98 lelong 1 \b, full dump >>0xf98 lelong 2 \b, kernel dump >>0xf98 lelong 3 \b, small dump >>0x090 lequad x \b, %lld pages
