[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] question for QEMU users

From: Tim
Subject: Re: [Qemu-devel] question for QEMU users
Date: Wed, 17 Nov 2004 14:14:38 -0500
User-agent: Mutt/1.5.6+20040907i

> * QEMU Forensic Toolkit, to do a forensic analysis of a Virtual Machine

I would pay for the ability to do this.  I would love to be able to dd
off an image of a system, then boot it read-only (via cow image) under
QEMU, and analyze it's behaviour on the network and otherwise without
having to worry about making a full HD copy to a seperate physical
machine, set up the network, etc.  The problem is, almost all systems
being analyzed would be running Windows, and I am not yet convinced
running Windows under Qemu is close to being stable.  I only use a Linux
host, so that part shouldn't be problematic, but being able to drop in a
Windows image to a VM that accurately emulates a wide variety of
hardware is.

In addition, having a stable VM to run Windows under will allow me to
set up honey pots quickly and painlessly.  A variety of emulated
hardware would also allow the VM to look more like a real machine to an
attacker, and that I would also pay for.

So, I guess my position is:  Don't worry too much about supporting lots
of host OSes outside of unix, but any x86 guest should work, and have
options for different hardware (video, network, etc).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]