On 06/02/2012 12:20 PM, NoxDaFox wrote:
>
> For what I know it's not possible to analyze memory contained in libvirt
> snapshots taken through qemu savevm.
qemu 'savevm' dumps in an internal migration format. But you can use
the 'migrate' command to do a migration to disk, which at least some
m
Andrew Tappert writes:
>
>
> A lot of people in the security community, myself included, are
> interested in memory forensics these days. Virtualization is a natural
> fit with memory forensics because it allows one to get access to a
> guest's memory without having to introduce any extra soft
On Thu, May 05, 2011 at 01:56:10PM -0400, Andrew Tappert wrote:
>
> A lot of people in the security community, myself included, are
> interested in memory forensics these days. Virtualization is a natural
> fit with memory forensics because it allows one to get access to a
> guest's memory withou
On 05/05/2011 02:33 PM, Eric Blake wrote:
> On 05/05/2011 11:56 AM, Andrew Tappert wrote:
>>
>> Virsh has "save" and "dump" commands for storing the state of a guest to
>> a file on disk, but memory of KVM guests doesn't get saved in the
>> "standard" input format for memory forensics tools, which
On 05/05/2011 11:56 AM, Andrew Tappert wrote:
>
> A lot of people in the security community, myself included, are
> interested in memory forensics these days. Virtualization is a natural
> fit with memory forensics because it allows one to get access to a
> guest's memory without having to introd
A lot of people in the security community, myself included, are
interested in memory forensics these days. Virtualization is a natural
fit with memory forensics because it allows one to get access to a
guest's memory without having to introduce any extra software into the
guest or otherwise inter
