Snapshots generate .vmem and .vmsn files
Suspended VMs commit memory to .vmem and .vmss files
These are both required in the operating directory when using Volatility for analysis.
Last updated 3 years ago
