Blog du Tristank

Hyper-V Saved State to Memory Dump conversion

I was wondering if something like this existed to help with a malware infestation I was looking at.

And yes! It does!

Via Doug:

Take a virtual machine that you want to do some kernel-level spelunking on. Rather than going into the guest and generating a kernel dump by one of the usual methods, take the saved state of the virtual machine and use this new tool to make a memory dump.

Haven’t tried it out yet, but that’s my next step…