Re: [Qemu-devel] question for QEMU users

[Tim]

> * QEMU Forensic Toolkit, to do a forensic analysis of a Virtual Machine

I would pay for the ability to do this.  I would love to be able to dd
off an image of a system, then boot it read-only (via cow image) under
QEMU, and analyze it's behaviour on the network and otherwise without
having to worry about making a full HD copy to a seperate physical
machine, set up the network, etc.  The problem is, almost all systems
being analyzed would be running Windows, and I am not yet convinced
running Windows under Qemu is close to being stable.  I only use a Linux
host, so that part shouldn't be problematic, but being able to drop in a
Windows image to a VM that accurately emulates a wide variety of
hardware is.

In addition, having a stable VM to run Windows under will allow me to
set up honey pots quickly and painlessly.  A variety of emulated
hardware would also allow the VM to look more like a real machine to an
attacker, and that I would also pay for.

So, I guess my position is:  Don't worry too much about supporting lots
of host OSes outside of unix, but any x86 guest should work, and have
options for different hardware (video, network, etc).

thanks,
tim