REVEN adds very little overhead to the running system during the recording of the execution of the system (a couple of %).
However, the capture is done on a virtualized system using either QEMU or Virtualbox, as such it will be slower than a non-virtualized system.
In addition, during the recording, QEMU must be run in Emulation mode which is slower than in KVM mode.
Remarks:
- To speed up the system and reduce the recording of useless system activities, it is highly recommended to remove some components of the system (ie. Cortana on Windows). We provide a custom script in the installation package for this purpose.
- When you need to prepare your system (install software, etc.) if it highly recommended running QEMU in KVM mode.
- Automating the Recording is a great way to avoid waiting during recording (see https://doc.tetrane.com/latest/Cookbooks/Auto-record-QEMU.html)
Comments
0 comments
Please sign in to leave a comment.