in practice, you have a non-networked dvm for analysis and a separate vm for capture. the analysis vm state is refreshed frequently to avoid any malicious persistence.
1 Like
in practice, you have a non-networked dvm for analysis and a separate vm for capture. the analysis vm state is refreshed frequently to avoid any malicious persistence.