Virtualization and Forensics

A Digital Forensic Investigator’s Guide to Virtual Environments


  • Diane Barrett, CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.
  • Greg Kipper, is a futurist and strategic forecaster in emerging technologies. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor in both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Virtualization and Forensics: A Digital Forensic Investigators Guide to Virtual Environments provides an introduction to virtualized environments and their implications on forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems. The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.
View full description


Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.


Book information

  • Published: May 2010
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-557-8

Table of Contents



About the Authors

Part 1 Virtualization

    Chapter 1 How Virtualization Happens

         Physical Machines

         How Virtualization Works


         Main Categories of Virtualization

         Benefits of Virtualization

         Cost of Virtualization




    Chapter 2 Server Virtualization

         What Is Server Virtualization?

         Differences between Desktop and Server Virtualization

         Common Virtual Servers




    Chapter 3 Desktop Virtualization

         What Is Desktop Virtualization?

         Common Virtual Desktops

         Virtual Appliances and Forensics

         Virtual Desktops as a Forensic Platform



    Chapter 4 Portable Virtualization, Emulators, and Appliances



         Preconfigured Virtual Environments

         Virtual Appliance Providers

         JumpBox Virtual Appliances


         Virtualization Hardware Devices

         Virtual Privacy Machine

         Virtual Emulators

         Future Development




Part 2 Forensics

    Chapter 5 Investigating Dead Virtual Environments

         Install Files



         Microsoft Disk Image Formats

         Data to Look for

         Investigator Tips




    Chapter 6 Investigating Live Virtual Environments

         The Fundamentals of Investigating Live Virtual Environments


         Processes and Ports

          Log Files

         VM Memory Usage

         Memory Analysis 121

         ESXi Analysis

         Microsoft Analysis Tools

         Moving Forward




    Chapter 7 Finding and Imaging Virtual Environments

         Detecting Rogue Virtual Machines

         Is It Real or Is It Memorex?

         Imaging Virtual Machines



         Identification and Conversion Tools

         Environment to Environment Conversion




Part 3 Advanced Virtualization

    Chapter 8 Virtual Environments and Compliance



         Organizational Chain of Custody

         Data Retention Policies




    Chapter 9 Virtualization Challenges

         Data Centers

         Security Considerations

         Malware and Virtualization

         Red Pill, Blue Pill, No Pill

         Additional Challenges

         Virtualization Drawbacks




    Chapter 10 Cloud Computing and the Forensic Challenges

         What Is Cloud Computing?

         Cloud Computing Services

         Streaming Operating Systems

         Application Streaming

         Virtual Applications

         Cloud Computing, Virtualization, and Security

         Cloud Computing and Forensics



    Chapter 11 Visions of the Future: Virtualization and Cloud Computing

         Future of Virtualization

         The Evolving Cloud

         Autonomic Computing



Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations