[Vol-users] (win7x64) : creating images for volatility

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Wed Oct 23 13:31:41 CDT 2013

> Yeah I suppose the memorydump is *****ed... but wanted to make sure
> since I heard some rumours about having problems with *large* dumps on x64.
> And indeed I meant netscan, instead of connscan. My bad.

64 GiB is a large dump.  8 GiB is standard these days.  No problems with 
really LARGE memory dumps here, btw.  :-)  No problem acquiring the 
pagefile(s) here either, in case you have some virtual memory swapped out.

> It's a bare metal box, so no hypervisor involved.

Don't bet on it.  If the processor supports virtualization extensions 
(which most do nowadays), then you may be running in a hypervisor.  You 
have to test for that specifically.


George M. Garner Jr.
GMG Systems, Inc.
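
One way to run the specific test mentioned above, as an added example that is not part of the original message: read the hypervisor-present bit (CPUID leaf 1, ECX bit 31) and the vendor signature at leaf 0x40000000. The function names are hypothetical, a GCC/Clang toolchain (`<cpuid.h>`) is assumed, and a clear bit only means no hypervisor announced itself, since a hypervisor is free to hide it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang intrinsic header (assumed toolchain) */
#endif

/* CPUID.1:ECX bit 31 is the bit hypervisors set to announce themselves. */
int hv_bit_set(uint32_t leaf1_ecx) { return (int)((leaf1_ecx >> 31) & 1u); }

/* Leaf 0x40000000 returns a 12-byte vendor signature in EBX, ECX, EDX,
 * least significant byte first (e.g. "Microsoft Hv", "VMwareVMware"). */
void hv_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xFF);
    out[12] = '\0';
}

/* Returns 1 if a hypervisor announces itself (vendor filled in),
 * 0 if the bit is clear, -1 if CPUID cannot be queried on this build. */
int hv_query(char vendor[13]) {
    vendor[0] = '\0';
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return -1;
    if (!hv_bit_set(c))
        return 0;
    __cpuid(0x40000000, a, b, c, d);
    hv_vendor(b, c, d, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13];
    int r = hv_query(vendor);
    if (r == 1)
        printf("hypervisor announced, vendor signature: \"%s\"\n", vendor);
    else if (r == 0)
        printf("hypervisor-present bit clear (not proof of bare metal)\n");
    else
        printf("CPUID not available on this build\n");
    return 0;
}
```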

