On 04.05.2016 19:11, Torres, Geoff (Cyber Security) wrote:
> Hmmm... What does 'lqs2mem -l <snapshot_memfile>' show?
$ lqs2mem -l snapshot.img
Invalid QEMU-savevm magic
Unrecogized file format
$ file snapshot.img
snapshot.img: QEMU suspend to disk image
> When I run the lqs2mem tool, I don't get an ELF image (i.e. 'file
> <raw_image>' returns 'data'). But the image runs through volatility just
> fine.
I got the ELF file from running "dump-guest-memory" on the QEMU console after
loading the snapshot.
- Thomas
_______________________________________________
Vol-users mailing list
[email protected]
http://lists.volatilesystems.com/mailman/listinfo/vol-users
