Affiliation:
1. Università del Piemonte Orientale “A. Avogadro”, Italy
Abstract
In the recent past, machine and application virtualization technologies have received great attention from the IT community, and are being increasingly used both in the Data Center and by the end user. The proliferation of these technologies will result, in the near future, in an increasing number of illegal or inappropriate activities carried out by means of virtual machines, or targeting virtual machines, rather than physical ones. Therefore, appropriate forensic analysis techniques, specifically tailored to virtualization environments, must be developed. Furthermore, virtualization technologies provide very effective anti-forensics capabilities, so specific countermeasures have to be sought as well. In addition to the above problems, however, virtualization technologies also provide the opportunity to develop novel forensic analysis techniques for non-virtualized systems. This chapter discusses the implications for the forensic computing field of the issues, challenges, and opportunities presented by virtualization technologies, with a particular emphasis on the possible solutions to the problems arising during the forensic analysis of a virtualized system.