[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] question for QEMU users
From: |
Tim |
Subject: |
Re: [Qemu-devel] question for QEMU users |
Date: |
Wed, 17 Nov 2004 14:14:38 -0500 |
User-agent: |
Mutt/1.5.6+20040907i |
> * QEMU Forensic Toolkit, to do a forensic analysis of a Virtual Machine
I would pay for the ability to do this. I would love to be able to dd
off an image of a system, then boot it read-only (via cow image) under
QEMU, and analyze it's behaviour on the network and otherwise without
having to worry about making a full HD copy to a seperate physical
machine, set up the network, etc. The problem is, almost all systems
being analyzed would be running Windows, and I am not yet convinced
running Windows under Qemu is close to being stable. I only use a Linux
host, so that part shouldn't be problematic, but being able to drop in a
Windows image to a VM that accurately emulates a wide variety of
hardware is.
In addition, having a stable VM to run Windows under will allow me to
set up honey pots quickly and painlessly. A variety of emulated
hardware would also allow the VM to look more like a real machine to an
attacker, and that I would also pay for.
So, I guess my position is: Don't worry too much about supporting lots
of host OSes outside of unix, but any x86 guest should work, and have
options for different hardware (video, network, etc).
thanks,
tim
Re: [Qemu-devel] question for QEMU users, Pavel Janík, 2004/11/17
Re: [Qemu-devel] question for QEMU users, Johannes Schindelin, 2004/11/17
Re: [Qemu-devel] question for QEMU users, malc, 2004/11/17
Re: [Qemu-devel] question for QEMU users, jeebs, 2004/11/17
Re: [Qemu-devel] question for QEMU users, Lennert Buytenhek, 2004/11/17