Hyper-V Memory Forensics - MemProcFS to the Rescue!

Published: 18 December 2023
on channel: 13Cubed

In this episode, we'll learn how to properly acquire memory from Microsoft Hyper-V guest virtual machines.

🎉 Update

After I recorded this episode, Ulf Frisk, the author of MemProcFS, let me know that he has made some updates that no longer require you to copy the vmsavedstatedumpprovider.dll file to the MemProcFS directory if the SDK is installed in the **default** location. If installed to a different location, the file must still be copied. Additionally, the requirement to prepend the Hyper-V checkpoint file with hvsavedstate:// has also been removed. Both changes now make this process even easier!

** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **

📖 Chapters

00:00 - Intro
00:43 - Preparation
06:35 - Using MemProcFS

🛠 Resources

MemProcFS:
https://github.com/ufrisk/MemProcFS

MemProcFS Documentation:
https://github.com/ufrisk/LeechCore/w...

Windows SDK:
https://developer.microsoft.com/en-us...

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics

