Re: [Qemu-discuss] How to read memory dump?

qemu-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] How to read memory dump?

From:	Jakob Bohm
Subject:	Re: [Qemu-discuss] How to read memory dump?
Date:	Mon, 09 Mar 2015 19:24:08 +0100
User-agent:	Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 09/03/2015 17:21, Binh Q Pham wrote:

Hi folks,
Could you suggest me a way to extract information from VirtualMachine's memory dump (I used 'pmemsave' to get this memory dump)?
Thanks for your help.
-Binh


I read somewhere offline that there is a project called
"volatility", which provides tools and scripts to examine
machine states found in such memory dumps.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-discuss] How to read memory dump?, Binh Q Pham, 2015/03/09
- Re: [Qemu-discuss] How to read memory dump?, Jakob Bohm <=
  - Re: [Qemu-discuss] How to read memory dump?, Binh Q. Pham, 2015/03/09

Prev by Date: [Qemu-discuss] How to read memory dump?
Next by Date: Re: [Qemu-discuss] How to read memory dump?
Previous by thread: [Qemu-discuss] How to read memory dump?
Next by thread: Re: [Qemu-discuss] How to read memory dump?
Index(es):
- Date
- Thread