
I want to know if I can open a virtual machine (VMware, VirtualBox, ...) and (for example) install Windows 7 + some programs (Chrome, Word, antivirus, ...) and then save the current state. Right now I don't have any idea how I can.
Then I would execute a piece of malware; after that I want to know if it's possible to know the modified files and the new registry keys that it has added to the VM. I would want to know all the modifications after the first saved state, just for malware analysis.
And then I want to be able to return the VM to the first state (in some tutorials on YouTube I saw them saving the new modifications in files like "Virus.VMEM").

How can I do that on Linux (Debian)? I've already installed VMware and I'm ready to install any other tool that could help me.

Khalil Bz
  • If you'd use KVM + virsh, you could use snapshots to roll back to a previous state. You could probably find the delta somewhere and analyze that, but you'd need some tools or advanced knowledge to interpret it. – S.L. Barth is on codidact.com Sep 13 '15 at 11:25
  • You have asked 2 different questions, each of them a non-security, tool-based question. Snapshotting VMs is certainly possible and each VM software has instructions on how to do that. Monitoring changes that processes make to Windows is also certainly possible, and there are Windows tools to do that. I'm migrating this to SuperUser so that you can get the answers you seek. – schroeder Sep 13 '15 at 14:55
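The "compare against the saved state" step the question asks about, as an added example that is not from the question, the comments, or any of the VM products named: hash every file under a directory into a manifest before the sample runs, take a second manifest afterwards, and report what was added, modified or deleted. The file tree and the "after" changes below are constructed in-line so it runs anywhere; on a real analysis VM the assumed input is a mounted copy of the guest disk from each snapshot.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            manifest[path.relative_to(root).as_posix()] = h.hexdigest()
    return manifest


def diff_manifests(baseline, after):
    """Compare two manifests; return sorted (added, modified, deleted) paths."""
    added = sorted(set(after) - set(baseline))
    deleted = sorted(set(baseline) - set(after))
    modified = sorted(p for p in baseline if p in after and baseline[p] != after[p])
    return added, modified, deleted


def run_demo():
    """Constructed sample: a clean tree, then the kind of changes a sample leaves."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Windows" / "System32").mkdir(parents=True)
        (root / "Windows" / "System32" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "Users" / "victim").mkdir(parents=True)
        (root / "Users" / "victim" / "notes.txt").write_text("hello\n")
        (root / "Users" / "victim" / "old.tmp").write_text("x")
        baseline = build_manifest(root)  # taken from the saved clean state

        # Simulated effects after the run: a dropped file, an edited system
        # file and a removed temp file. Only content is compared, not timestamps.
        (root / "Users" / "victim" / "AppData").mkdir()
        (root / "Users" / "victim" / "AppData" / "dropped.exe").write_bytes(b"MZ...")
        (root / "Windows" / "System32" / "hosts").write_text("127.0.0.1 localhost\n# edited\n")
        (root / "Users" / "victim" / "old.tmp").unlink()
        after = build_manifest(root)
        return diff_manifests(baseline, after)


if __name__ == "__main__":
    for label, paths in zip(("added", "modified", "deleted"), run_demo()):
        print(label, paths)
```

Registry hives (SYSTEM, SOFTWARE, NTUSER.DAT) are ordinary files on the guest disk, so this diff tells you which hive changed but not which keys inside it; for key-level detail the hive itself has to be parsed.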

0 Answers