Chaos Communication Camp 2023

Today is day 4 of the 2023 Chaos Communication Camp in Mildenberg. For the third time, the Ziegeleipark is turned into a blinking, glowing, and shining tent site for almost 6000 people playing around with and discussing technology, culture, politics, and social topics. Two days ago, on Wednesday at 11pm, Leonard and I participated in this year’s program by presenting stories from our life as incident responders. The talk was recorded and is available on media.

Memory Forensics of a Virtualbox VM

I use VirtualBox to triage and analyze malware. In contrast to VMware's .vmem file, VirtualBox does not use a separate file to store the current memory. Even if you take a snapshot or pause the VM, the current memory is not saved separately; instead, VirtualBox stores the complete state of the VM in a .sav file. Luckily, Philippe Teuwen describes another way to dump the RAM of a (running) VirtualBox VM by using the VirtualBox debugvm capabilities.