Wondering if anyone has experience with analysing a RAM dump off of a Proxmox machine. When I use the standard symbols file for the same kernel version as the pve branch, I don't get any results.
My assumption is that Proxmox's kernel is custom enough to cause problems.
I've been banging my head against the wall trying to compile the right pve kernel so I can create a symbols file.
Before continuing my self-imposed torture, thought I'd verify if what I'm doing is even required.