As far as the duration of a scenario is concerned, the most limiting factor will be disk space. If you work on one trace at a time and follow the recommended specs, you can record anywhere between seconds and one or two minutes of activity on Windows 10.
Still, this will heavily depend on the nature of the scenario, the background activity of the recorded VM, and the available disk space when working on that scenario. Below are a few examples of typical scenarios that can be made. Please note that the following numbers correspond to the disk space used by a fully-replayed scenario (all resources generated for analysis). An archived scenario typically only takes a few GiB of disk space.
- A one-second execution of a CLI program will take about 5-10 GiB.
- A typical Windows 10 scenario reading a big file for 30 seconds takes about 250 GiB on disk.
- A malware sample unpacking and installing on Windows 7, with a running time of 50 seconds, takes about 150 GiB; Windows 7 tends to generate less undesired activity than Windows 10.
Note that we provide tools to help you keep your scenarios as small as possible: scripts to deactivate unwanted OS services, and automatic binary recording and record slicing with the workflow API.