RE: WHAT IS THE BEST VM IMAGE FOR A MALWARE LAB? 12-17-2017, 02:06 PM
#3
It does depend on the nature of the malware but generally speaking, you can use the Windows platform.
Whether it be memory analysis by performing a memory acquisition (dump) and analyzing the dump file for forensic artifacts, or using a behavioral approach by executing the malware (infecting the VM) and analyzing its effect(s) on the file system using various monitoring tools, Windows will suffice.
You can run simultaneous VMs (Windows & Linux) to suit your needs.