Debugger Log Reading Techniques (Part 1)
Debugger logs (textual output) from commands like !process 0 ff and various scripts can be very long and consist of thousands of pages. I found the following reading technique useful for my daily memory dump analysis activities:
CSA-QSA
Checklists-Skim-Analyze—Questions-Survey-Analyze
1. First, have a checklist
2. Skim through the log several times
3. Write analysis notes
4. Have a list of questions based on the problem description and steps 1-3
5. Survey the log
6. Write analysis notes
Repeat steps 2, 3 and 5, 6 if necessary.
This technique can also be applied to reading any large logs, for example, voluminous CDF or ETW traces.
- Dmitry Vostokov @ DumpAnalysis.org -
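
An added example, not part of the original post: one way to support step 5 (surveying the log) is a small script that runs checklist patterns over !process 0 ff output and reports each hit with its line number, owning process image and thread address. The checklist entries, the function name survey and the sample log are constructed assumptions, not the author's checklist.

```python
import re

# Hypothetical checklist (assumption): item description -> pattern to look for.
CHECKLIST = {
    "thread waiting for an LPC reply": re.compile(r"WAIT: \(WrLpcReply\)"),
    "exception dispatch on a stack": re.compile(r"KiUserExceptionDispatcher"),
    "handle count of 10000 or more": re.compile(r"HandleCount:\s*\d{5,}"),
}
PROCESS_RE = re.compile(r"^PROCESS\s+([0-9a-f`]+)")
IMAGE_RE = re.compile(r"^\s+Image:\s+(\S+)")
THREAD_RE = re.compile(r"^\s+THREAD\s+([0-9a-f`]+)")

# Constructed sample shaped like !process 0 ff output (not from a real dump).
SAMPLE_LOG = """\
PROCESS fffffa8003d5a060
    SessionId: 0  Cid: 01a4    Peb: 7fffffd8000  ParentCid: 0198
    DirBase: 1f4a4000  ObjectTable: fffff8a0012345c0  HandleCount: 523.
    Image: svchost.exe
        THREAD fffffa8003d8b060  Cid 01a4.01c0  WAIT: (WrLpcReply) UserMode Non-Alertable
PROCESS fffffa8004a11b30
    SessionId: 1  Cid: 0b2c    Peb: 7fffffdf000  ParentCid: 01a4
    DirBase: 2c1d9000  ObjectTable: fffff8a0034567d0  HandleCount: 18244.
    Image: AppA.exe
        THREAD fffffa8004a3c060  Cid 0b2c.0b40  WAIT: (UserRequest) UserMode Non-Alertable
        00000000`0012e9f0 00000000`77a1f2d4 ntdll!KiUserExceptionDispatcher+0x2e
"""

def survey(log_text, checklist=CHECKLIST):
    """Return {item: [(line_no, image, thread_addr), ...]} for every checklist item."""
    images, hits = {}, {item: [] for item in checklist}
    proc = thread = None
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if m := PROCESS_RE.match(line):
            proc, thread = m.group(1), None      # new process block starts
        elif (m := IMAGE_RE.match(line)) and proc:
            images[proc] = m.group(1)            # Image: follows the PROCESS line
        elif m := THREAD_RE.match(line):
            thread = m.group(1)
        for item, pattern in checklist.items():
            if pattern.search(line):
                hits[item].append((line_no, proc, thread))
    # Resolve image names last: some hits occur before the Image: line is seen.
    return {item: [(n, images.get(p, "?"), t) for n, p, t in found]
            for item, found in hits.items()}

if __name__ == "__main__":
    for item, found in survey(SAMPLE_LOG).items():
        print(item, found)
```

Items with an empty list were checked and not found, which is worth recording in the analysis notes alongside the hits.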