[Vol-users] Using Windows XP VMs for testing and windows activation

Mike Lambert dragonforen at hotmail.com
Sat Apr 14 16:56:12 CDT 2012


Thanks Andre! I'll try going back to the initial image and clone it. I was cloning later snapshots.
 
Mike
 

> Date: Thu, 12 Apr 2012 20:12:02 -0400
> From: adimino at sempersecurus.org
> To: vol-users at volatilityfoundation.org
> Subject: Re: [Vol-users] Using Windows XP VMs for testing and windows activation
> 
> Mike,
> 
> I generally build a fresh copy of the Windows VM, set it up the way I
> want, then activate it. At that point, I make a snapshot and call it
> "Initial Install". I infect that VM with whatever I'm studying and
> snapshot it if needed. When I'm complete with that RAM dump or other
> analysis, I revert to "Initial Install".
> 
> If I make a clone, I just clone "Initial Image" which has already been
> activated.
> 
> I use VMware, BTW.
> 
> HTH,
> Andre'
> 
> Andre' M. DiMino
> Deep End Research
> http://deependresearch.org
> http://sempersecurus.org
> 
> "Make sure that nobody pays back wrong for wrong, but always try to be
> kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
> 
> On 04/12/2012 07:05 PM, Mike Lambert wrote:
> > 
> > I have not used VMs in the past to do malware testing because of the Windows activation problems I run into. Clone, you have to activate; copy, you have to activate; move, you have to activate. I'm surprised that it still activates!
> > 
> > I would like to talk to someone who knows the best way to deal with this. (or not) I'd like to have a clone that is infected that I can go back to later. (I do that now with hard disk images - I can put back a disk image to disk and plug it into the computer and bring it right back up.) 
> > 
> > I can continue to use my test system, which I do not have any problem with. I blow a copy of a clean system to disk and then go on testing without any activation problems.
> > 
> > Let me know if you have a solution.
> > 
> > Thanks,
> > Mike
> > 
> > _______________________________________________
> > Vol-users mailing list
> > Vol-users at volatilityfoundation.org
> > http://lists.volatilityfoundation.org/mailman/listinfo/vol-users

