[Vol-users] KVM and Memory Dump
mzguanglin at gmail.com
Fri Oct 4 00:07:19 CDT 2013
2013/10/3 <chris-2012 at arcor.de>
> Dear all,
> sorry, I'm using webmail only and couldn't set an in reply-to header to my
> last message.
> Libvmi seems a bit complicated to install, at least compared to the
> vboxmanage debugvm command. Is libvmi required for KVM or is it possible to
> use virsh dump?
You should use LibVMI just for "online live" forensics over a virtual
If you merely need an offline memory dump of a KVM virtual machine, feel
free to use virsh dump without LibVMI.
However, just FYI, LibVMI is evolving drastically to be a great VM-oriented
address space for Volatility.
> Thank you in advance.
> - Chris
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users