Hello Reader,
One of my favorite features in Azure is how easy it is to work with virtual disk snapshots. When you create a snapshot of a virtual disk (VHD), Azure lets you generate a direct download link for the raw disk—no extra steps needed.
Compare that to other cloud platforms:
-
In AWS, I have to use tools like coldsnap
-
In Google Cloud, I need to convert the snapshot into an image first
But with Azure, it just works.
Want to try it yourself? Here’s how:
Steps to Export a Snapshot in Azure
-
Create a Snapshot
Choose the storage or OS disk you want to analyze.
-
Select "Full Snapshot" otherwise you'll only get recent changes and your forensic tools can't parse it.
-
Click "Export Snapshot"
-
Click "Generate URL"
Azure will create a temporary, signed URL for direct download that will live for one hour. Want it to last longer just add zeros to the expires time.
Use your favorite download tool to grab the file. I usually go with azcopy for speed and reliability.
Also Read: Using AI's to help you with EDR searches
Post a Comment