MHL has been helpful in the past, but I
thought I would throw this one out to a wider audience.
Simply put, I asked my sysadmin, who has helped me set up my
VMware environment, to set up an XP SP3 VM and load stuxnet.vmem
as the suspended memory image. VMware crapped out with "A fault
has occurred causing the virtual CPU to enter the shutdown state.
..." Does anyone have any insight here? Is stuxnet.vmem the
suspended memory image of a Stuxnet infected XP SP3 machine?
If it had worked, I wanted to get sysinternals running on the VM,
so that I would have sysinternals and Volatility insight into
Stuxnet -- although not approaching what Mark Russinovitch was
able to show with booting up the machine and infecting it from the
start. For educational purposes, for the class I am teaching.
Thanks for any guidance, VMware or stuxnet. bfn
--
Professor G. Scott Graham
administratively: Dean's Designate for Academic Offences
academically: Associate Professor, Computer Science and Forensic Science
University of Toronto Mississauga