[Vol-users] (win7x64) : creating images for volatility

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Wed Oct 23 13:31:41 CDT 2013


> Yeah I suppose the memorydump is *****ed... but wanted to make sure
> since I heard some rumours about having problems with *large* dumps on x64.
> And indeed I meant netscan, instead of connscan. My bad.
>

64 GiB is a large dump.  8 GiB is standard these days.  No problems with 
really LARGE memory dumps here, btw.  :-)  No problem acquiring the 
pagefile(s) here either, in case you have some virtual memory swapped out.


> It's a bare metal box, so no hypervisor involved.

Don't bet on it.  If the processor supports virtualization extensions 
(which most do nowadays), then you may be running in a hypervizor.  You 
have to test for that specifically.

Regards,

George M. Garner Jr.
President
GMG Systems, Inc.


More information about the Vol-users mailing list