Any experience with hyper-v ram forensic?

Does anyone any experience with Microsoft hyper-V ram forensic?
What method do you prefer? either to obtain .bin file from the hypervisor (I don´t know if volatility supports it) or to run a capture ram dump tool on the VM affected?

In my case I have hyper-v VM Microsoft Windows Server 2008 64 bits with 25 Gb of ram memory.

Suggestions or ideas will be very appreciated.

Thanks in advanced.

9 Posts

Sign Up for Free or Log In to start participating in the conversation!