Right, I also found volatility and played with that for a while, but I
had problems getting it running. I already reported the problems to
volatility, but I will also mention them here in case someone has gone
through the same problem and knows how to fix it:
https://github.com/volatilityfoundation/volatility/issues/198

Thanks,
-Binh

On 03/09/2015 02:24 PM, Jakob Bohm wrote:
> On 09/03/2015 17:21, Binh Q Pham wrote:
>> Hi folks,
>> Could you suggest a way to extract information from a Virtual
>> Machine's memory dump (I used 'pmemsave' to get this memory dump)?
>> Thanks for your help.
>> -Binh
>
> I read somewhere offline that there is a project called
> "volatility", which provides tools and scripts to examine
> machine states found in such memory dumps.
>
> Enjoy
> Jakob