VMware Communities
Root_User
Contributor
Contributor
‎05-24-2017 12:58 PM
Jump to solution

Memory forensics

Is it possible to inspect the current memory traffic outside the VM?  This would supply me with valuable insight without tampering with installed VM OS.

Reply
1 Solution

Accepted Solutions
wila
Immortal
Immortal
‎05-24-2017 01:25 PM
Jump to solution

Hi,

Not exactly sure what you are after, but ... when you take a snapshot, the memory is written out to a file called <machine name>.vmss

Perhaps that will help?

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

View solution in original post

Reply
0 Kudos
2 Replies
wila
Immortal
Immortal
‎05-24-2017 01:25 PM
Jump to solution

Hi,

Not exactly sure what you are after, but ... when you take a snapshot, the memory is written out to a file called <machine name>.vmss

Perhaps that will help?

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
Reply
0 Kudos
admin
Immortal
Immortal
‎05-24-2017 02:51 PM
Jump to solution

As wila mentioned, you can use snapshots to write the VM memory to disk.  You also can suspend the VM.  You then could use the vmss2core tool to convert it to a dump file that you could inspect with a debugger.

Reply