2013/10/3 <chris-2012@arcor.de>
Dear all,

Sorry, I'm using webmail only and couldn't set an In-Reply-To header to my last message.

LibVMI seems a bit complicated to install, at least compared to the vboxmanage debugvm command. Is LibVMI required for KVM, or is it possible to use virsh dump?

Hi Chris,

You should use LibVMI just for "online live" forensics over a virtual machine.

If you merely need an offline memory dump of a KVM virtual machine, feel free to use virsh dump without LibVMI.

However, just FYI, LibVMI is evolving drastically to be a great VM-oriented address space for Volatility.

Thanks,

Guanglin
 

Thank you in advance.

- Chris
_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users