Description

Abstract— With the advancement in virtualization technology, virtual machines (VMs) are becoming a common and integral part of datacenters. As the popularity and the use of VMs increase, incidents involving them are also on the rise. There is substantial research on using VMs and virtual appliances to aid forensic investigation, but research on the appropriate forensics procedures for collecting and analyzing evidence within a VM following is lacking. This paper presents a forensically sound way to acquire and analyze VM hard disks. A forensics tool for analyzing VM snapshots and vmdk files is developed and has been proven to be forensically sound.

Date of creation, presentation, or exhibit

2012

Comments

The 2012 International Conference on Security and Management

Document Type

Conference Proceeding

Department, Program, or Center

Information Sciences and Technologies (GCCIS)

Campus

RIT – Main Campus
