[Vol-users] KVM and Memory Dump

Guanglin Xu mzguanglin at gmail.com
Fri Oct 4 00:07:19 CDT 2013


2013/10/3 <chris-2012 at arcor.de>

> Dear all,
>
> Sorry, I'm using webmail only and couldn't set an In-Reply-To header to my
> last message.
>
> Libvmi seems a bit complicated to install, at least compared to the
> vboxmanage debugvm command. Is libvmi required for KVM or is it possible to
> use virsh dump?
>

Hi Chris,

You should use LibVMI just for "online live" forensics over a virtual
machine.

If you merely need an offline memory dump of a KVM virtual machine, feel
free to use virsh dump without LibVMI.

However, just FYI, LibVMI is evolving drastically to be a great VM-oriented
address space for Volatility.

Thanks,

Guanglin


>
> Thank you in advance.
>
> - Chris