[Vol-users] stuxnet.vmem and VMware
G. Scott Graham
gsg at cs.utoronto.ca
Mon Nov 7 08:49:53 CST 2011
MHL has been helpful in the past, but I thought I would throw this one out
to a wider audience.
Simply put, I asked my sysadmin, who has helped me set up my VMware
environment, to set up an XP SP3 VM and load stuxnet.vmem as the suspended
memory image. VMware crapped out with "A fault has occurred causing the
virtual CPU to enter the shutdown state. ..." Does anyone have any insight
here? Is stuxnet.vmem the suspended memory image of a Stuxnet infected XP
If it had worked, I wanted to get sysinternals running on the VM, so that I
would have sysinternals and Volatility insight into Stuxnet -- although not
approaching what Mark Russinovitch was able to show with booting up the
machine and infecting it from the start. For educational purposes, for the
class I am teaching.
Thanks for any guidance, VMware or stuxnet. bfn
Professor G. Scott Graham
administratively: Dean's Designate for Academic Offences
academically: Associate Professor, Computer Science and Forensic Science
University of Toronto Mississauga
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users