Memory dumps that are acquired while the system is running often contain inconsistencies, such as page smearing, that hamper analysis. One way to avoid inconsistencies is to pause the system during acquisition and take an instantaneous memory dump. While this is possible for virtual machines, most systems cannot be frozen, so the ideal dump can only be quasi-instantaneous, i.e., consistent even though the system keeps running. In this article, we introduce a method that allows us to measure quasi-instantaneous consistency and show, both theoretically and practically, that the method is valid, but that in reality dumps can be, yet usually are not, quasi-instantaneously consistent. For the assessment, we run a pivot program that enables the evaluation of quasi-instantaneous consistency for its own heap and lets us pinpoint exactly where inconsistencies occurred.
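The following is an added illustration of the idea behind a pivot program, written for this page; it is not the authors' tool and makes no claim about their actual method. It assumes a simplified model: the observed heap region is a set of toy pages, the program stamps every page with the same epoch number in each "transaction", and the acquisition copies one page at a time while the program may run in between. Because an atomic snapshot would show exactly one epoch on every page, a dump whose pages carry several epochs is not quasi-instantaneously consistent, and the first page whose epoch differs from the first page's marks where the smear begins. The names, page size and page count are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NPAGES     8     /* toy region size, constructed for the example */
#define PAGE_BYTES 64    /* toy page size, constructed for the example */

/* One heap page: an epoch header followed by payload filled from the epoch. */
typedef struct {
    uint64_t epoch;
    uint8_t  payload[PAGE_BYTES - sizeof(uint64_t)];
} page_t;

/* The observed region: every transaction stamps all pages with one new epoch. */
typedef struct {
    page_t   pages[NPAGES];
    uint64_t epoch;
} region_t;

void region_init(region_t *r) { memset(r, 0, sizeof *r); }

/* The pivot program's "work": advance the epoch and rewrite every page with it. */
void region_transaction(region_t *r) {
    r->epoch++;
    for (int i = 0; i < NPAGES; i++) {
        r->pages[i].epoch = r->epoch;
        memset(r->pages[i].payload, (int)(r->epoch & 0xff),
               sizeof r->pages[i].payload);
    }
}

/* Acquisition model: copy one page per step. Between steps the target runs
 * `writes_between_pages` transactions; 0 models an instantaneous dump. */
void acquire(region_t *live, page_t dump[NPAGES], int writes_between_pages) {
    for (int i = 0; i < NPAGES; i++) {
        memcpy(&dump[i], &live->pages[i], sizeof dump[i]);
        for (int k = 0; k < writes_between_pages; k++)
            region_transaction(live);
    }
}

typedef struct {
    int consistent;          /* 1 iff exactly one epoch appears in the dump  */
    int distinct_epochs;     /* number of different epochs found             */
    int first_smeared_page;  /* first page whose epoch != page 0's, else -1  */
} report_t;

/* Consistency check over the acquired pages: count distinct epochs and
 * locate the first page that disagrees with page 0. */
report_t check_dump(const page_t dump[NPAGES]) {
    report_t rep = { 1, 0, -1 };
    uint64_t seen[NPAGES];
    for (int i = 0; i < NPAGES; i++) {
        uint64_t e = dump[i].epoch;
        int known = 0;
        for (int j = 0; j < rep.distinct_epochs; j++)
            if (seen[j] == e) { known = 1; break; }
        if (!known)
            seen[rep.distinct_epochs++] = e;
        if (e != dump[0].epoch && rep.first_smeared_page < 0)
            rep.first_smeared_page = i;
    }
    rep.consistent = (rep.distinct_epochs == 1);
    return rep;
}

/* Run one scenario end to end: fresh region, one transaction, then a dump
 * taken with the given amount of target activity between page copies. */
report_t dump_scenario(int writes_between_pages) {
    region_t live;
    page_t dump[NPAGES];
    region_init(&live);
    region_transaction(&live);
    acquire(&live, dump, writes_between_pages);
    return check_dump(dump);
}

int main(void) {
    for (int w = 0; w <= 2; w++) {
        report_t rep = dump_scenario(w);
        printf("writes between page copies: %d -> consistent=%d, "
               "distinct epochs=%d, first smeared page=%d\n",
               w, rep.consistent, rep.distinct_epochs, rep.first_smeared_page);
    }
    return 0;
}
```

With no activity between page copies the dump is consistent even though the program was never paused, which is the quasi-instantaneous case; as soon as the program runs between copies, every page carries a different epoch and the report names page 1 as the point where the smear starts. A real pivot program would have to cope with allocator behaviour, page cache effects and the acquisition tool's own ordering, none of which this toy model captures.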