memflow

memflow is a live memory introspection framework with a modular architecture.

It has multiple connectors which can be used to access physical memory:

  • qemu: access QEMU physical memory
  • kvm
  • pcileech: access pcileech interface
  • coredump: access Microsoft Windows Coredump files

Requirements

  • memflow connector project setup
  • root privileges
  • Platform: Windows/Linux

Initialization parameters

  • memflow_connector_name: required
  • memflow_connector_args: optional
  • vm_name: optional, will be used if memflow_connector_name=qemu