Does anyone any experience with Microsoft hyper-V ram forensic?
What method do you prefer? either to obtain .bin file from the hypervisor (I don´t know if volatility supports it) or to run a capture ram dump tool on the VM affected?
In my case I have hyper-v VM Microsoft Windows Server 2008 64 bits with 25 Gb of ram memory.
Suggestions or ideas will be very appreciated.
Thanks in advanced.
Oct 21st 2016
1 year ago