We recently had a couple security events occur and we immediately took a snapshot of the VM as we wanted to preserve as much of the data as we could. Now we would like to send it to a 3rd party forensics team to determine the level of compromise.
My questions is, is sending them a copy of the snapshot file sufficient for them to perform a forensics analysis?
What files are required for a VM to be powered on?
Any help with this would be greatly appreciated!