Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Any experience with hyper-v ram forensic?

Does anyone any experience with Microsoft hyper-V ram forensic?
What method do you prefer? either to obtain .bin file from the hypervisor (I don´t know if volatility supports it) or to run a capture ram dump tool on the VM affected?

In my case I have hyper-v VM Microsoft Windows Server 2008 64 bits with 25 Gb of ram memory.

Suggestions or ideas will be very appreciated.

Thanks in advanced.

9 Posts

Sign Up for Free or Log In to start participating in the conversation!