Guest configuration

This section describes how to configure the guest environment that will be used for recording. Notably, this includes:

  • Reducing the background OS activity to what is strictly necessary, to avoid recording irrelevant processes. For example:
    • Disabling background services,
    • Deactivating antivirus software.
  • Ensuring REVEN can reconstruct OS-Specific Information (OSSI) from the scenario once recorded, for instance:
    • Disabling certain security features which hinder kernel memory querying.
    • On Linux, populating the VM with debug binaries for symbol retrieval.

Because the procedure differs considerably from one OS to another, each OS is covered separately: