[Vol-users] Using Windows XP VMs for testing and windows activation

Andre' M. DiMino adimino at sempersecurus.org
Thu Apr 12 19:12:02 CDT 2012


I generally build a fresh copy of the Windows VM, set it up the way I
want, then activate it. At that point, I make a snapshot and call it
"Initial Install".  I infect that VM with whatever I'm studying and
snapshot it if needed. When I'm complete with that RAM dump or other
analysis, I revert to "Initial Install".

If I make a clone, I just clone "Initial Image" which has already been

I use VMWare, BTW.


Andre' M. DiMino
Deep End Research

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)

On 04/12/2012 07:05 PM, Mike Lambert wrote:
> I have not used VMs in the past to do malware testing because of the windows activation problems I run into. Clone, you have to activate; copy, you have to activate; move, you have to activate. I'm surprised that it still activates!
> I would like to talk to someone who knows the best way to deal with this. (or not) I'd like to have a clone that is infected that I can go back to later. (I do that now with hard disk images - I can put back a disk image to disk and plug it into the computer and bring it right back up.) 
> I can continue to use my test system, which I do not have any problem with. I blow a copy of a clean system to disk and then go on testing without any activation problems.
> Let me know if you have a solution.
> Thanks,
> Mike
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users

More information about the Vol-users mailing list