VM Setup (Windows 10)

[LeDav1]

• [x] Install a Windows 10 VM
• [x] Disable Windows Defender
• [ ] Disk partitioning, check if ransomwares can encrypt other partitions
• [x] Multiple accounts (with different rights)
• [x] Test files (PNG, MP4, TXT)
• [ ] Make snapshots

[mateopc]

Set up of a virtual machine which runs a Windows 10 OS with Forensics tools such as DumpIt or Volatility

[mateopc]

Hibernation mode isn’t available on virtual machine nor on Sandbox...

Currently considering whether to go ahead with the project and use other ways of dumping memory (snapshot, vm sleep mode, ...).⚠However, these techniques may not be as reliable as dumping the hibernation file. Another solution is to try out our tests on a real machine rather than a VM.

[mateopc]

First rust code to try to recover the string into the dump memory from the snapshot :

// rustc main.rs -o /outputs/prog fn main() { let i: &str = "unlockbitrecover"; loop{ } }