Proposal / Submission Type
Peer Reviewed Paper
Location
Oklahoma City, Oklahoma
Start Date
24-4-2008 3:15 PM
Abstract
Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will describe the fundamentals of a traditional forensic investigation and explain how virtualization affects this process. Finally, it will describe the common methods to find virtualization artifacts and identify virtual activities that affect the examination process.
Keywords: Hardware-assisted, Hypervisor, Para-virtualization, Virtual Machine, virtualization, VMware, Moka5, MojoPac, Portable Virtual Privacy Machine, VirtualBox
Scholarly Commons Citation
Barrett, Diane, "How Virtualized Environments Affect Computer Forensics" (2008). Annual ADFSL Conference on Digital Forensics, Security and Law. 2.
https://commons.erau.edu/adfsl/2008/thursday/2
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
How Virtualized Environments Affect Computer Forensics