Virtualization Memory Analysis
Revision as of 22:51, 9 November 2015 by Smacaulay (Added link for new tool)
Virtualization Memory Analysis can be seen as the analysis of virtual machines from the memory of the host system.
- Wikipedia: Virtualization
- Wikipedia: Hypervisor
- Hypervisor Memory Forensics, by Mariano Graziano, Andrea Lanzi, and Davide Balzarotti
- VM discovery and introspection with Rekall, by Jordi Sánchez López, October 3, 2014
- inVtero.net, by Shane Macaulay. A tool for physical-to-virtual and VM identification and extraction, as well as standard OS memory dumping for Windows, FreeBSD, OpenBSD and NetBSD. Requires no OS layer support, i.e. it is based on hardware page table isolation only.
- Turtles Project: design, implementation, definitions and analysis for a Linux/KVM-based nested VM architecture.
- Wikipedia: Hyper-V
- Analyzing Hyper-V Saved State files in Volatility, by Wyatt Roersma, October 17, 2013
- Hyper-V 2012 and 2012 R2 live virtual machine memory acquisition and analysis, by Wyatt Roersma, April 28, 2014