Virtualization memory analysis

Virtualization Memory Analysis can be seen as the analysis of virtual machines from the memory of the host system.

External Links

• Wikipedia: Virtualization
• Wikipedia: Hypervisor
• Hypervisor Memory Forensics, by Mariano Graziano, Andrea Lanzi, and Davide Balzarotti
• VM discovery and introspection with Rekall, by Jordi Sánchez López, October 3, 2014
• inVtero.net. A tool for physical to virtual & VM identification and extraction., by Shane Macaulay. As well as standard OS memory dumping for Windows, FreeBSD, OpenBSD and NetBSD. Requires no OS layer support, i.e. based on hardware page table isolation only.

Hyper-V

• Wikipedia: Hyper-V
• Analyzing Hyper-V Saved State files in Volatility, by Wyatt Roersma, October 17, 2013
• Hyper-V 2012 and 2012 R2 live virtual machine memory acquisition and analysis, by Wyatt Roersma, April 28, 2014