[Vol-users] Using Windows XP VMs for testing and windows activation

Andre' M. DiMino adimino at sempersecurus.org
Thu Apr 12 19:12:02 CDT 2012


Mike,

I generally build a fresh copy of the Windows VM, set it up the way I
want, then activate it. At that point, I make a snapshot and call it
"Initial Install".  I infect that VM with whatever I'm studying and
snapshot it if needed. When I'm complete with that RAM dump or other
analysis, I revert to "Initial Install".

If I make a clone, I just clone "Initial Image" which has already been
activated.

I use VMWare, BTW.

HTH,
Andre'

Andre' M. DiMino
Deep End Research
http://deependresearch.org
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)

On 04/12/2012 07:05 PM, Mike Lambert wrote:
> 
> I have not used VMs in the past to do malware testing because of the windows activation problems I run into. Clone, you have to activate; copy, you have to activate; move, you have to activate. I'm surprised that it still activates!
>  
> I would like to talk to someone who knows the best way to deal with this. (or not) I'd like to have a clone that is infected that I can go back to later. (I do that now with hard disk images - I can put back a disk image to disk and plug it into the computer and bring it right back up.) 
>  
> I can continue to use my test system, which I do not have any problem with. I blow a copy of a clean system to disk and then go on testing without any activation problems.
>  
> Let me know if you have a solution.
>  
> Thanks,
> Mike
>  
>  
>  
>   		 	   		  
> 
> 
> 
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users


More information about the Vol-users mailing list