Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Any experience with hyper-v ram forensic? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Any experience with hyper-v ram forensic?
Hello!!

Does anyone any experience with Microsoft hyper-V ram forensic?
What method do you prefer? either to obtain .bin file from the hypervisor (I don´t know if volatility supports it) or to run a capture ram dump tool on the VM affected?

In my case I have hyper-v VM Microsoft Windows Server 2008 64 bits with 25 Gb of ram memory.

Suggestions or ideas will be very appreciated.

Thanks in advanced.
DrGreen

4 Posts

Sign Up for Free or Log In to start participating in the conversation!