The Association of Digital Forensics, Security and Law (ADFSL)
Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will explain how virtualization affects the basic forensic process. Finally, it will describe the common methods to find virtualization artifacts and identify virtual activities that affect the examination process of certain virtualized user environments.
 Gartner Research, The Server Virtualization Management Marketplace. Publication Date: 19 February 2008, ID Number: G00154109.
 Gammage, B., Shiffler III, G. Report Highlight for Dataquest Insight: PC Virtualization Forecast Scenarios. Gartner Research, Publication Date: 8 August 2007 ID Number: G00150832.
 Ferrie, P. n.d. Attacks on More Virtual Machine Emulators. www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf.
 Paravirtualization API Version 2.5. Copyright 2005, 2006, VMware, Inc. www.vmware.com/pdf/vmi_specs.pdf.
 Understanding Full Virtualization Paravirtualization and Hardware Assist. www.vmware.com/files/pdf/VMware_paravirtualization.pdf.
 The VMI virtualization interface. http://lwn.net/Articles/175706/. Posted March 15, 2006 by corbet.
 Rutkowski, J. Red Pill... or how to detect VMM using (almost) one CPU
"Trends in Virtualized User Environments,"
Journal of Digital Forensics, Security and Law: Vol. 3
, Article 1.
Available at: http://commons.erau.edu/jdfsl/vol3/iss2/1