[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] forensics investigation of xl dump-core memory image?

To: xen-users@xxxxxxxxxxxxx
From: "J. Eppler" <j.eppler@xxxxxxxxxxxxxxx>
Date: Thu, 16 Jun 2016 18:22:13 -0500
Delivery-date: Thu, 16 Jun 2016 23:24:45 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

On 06/15/2016 03:14 AM, Roger Pau Monné wrote:
> Hello,
>
> On Mon, Jun 13, 2016 at 09:01:20AM -0500, J. Eppler wrote:
>> Hello,
>>
>> - what tools are able to investigate a xl dump-core memory image?
> That, AFAIK, depends on the OS that was running.
Qubes OS R3.1, Xen 4.6 Linux Kernel 4.1 with some Qubes modification is
used in both Dom0 as well as DomU guests. Guest could be Fedora, Debian
and Archlinux.

Futhermore Qubes OS supports Windows 7.

I am interested in analyzing any of them.
>
>> - is it possible to investigate the memory images by using volatility?
> It depends on whether volatility is able to understand the Xen dump-core 
> format [0], you should ask them.
Thanks for clarification.
>
> Roger.
>
> [0] http://xenbits.xen.org/docs/unstable/misc/dump-core-format.txt
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxx
> http://lists.xen.org/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- [Xen-users] forensics investigation of xl dump-core memory image?
  - From: J. Eppler
- Re: [Xen-users] forensics investigation of xl dump-core memory image?
  - From: Roger Pau Monné

Prev by Date: [Xen-users] [ANNOUNCEMENT] Xen 4.7 RC6
Next by Date: Re: [Xen-users] Xen Continuously Reboot
Previous by thread: Re: [Xen-users] forensics investigation of xl dump-core memory image?
Next by thread: [Xen-users] Xen can't boot.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.