Virtualization and Forensics

A Digital Forensic Investigator’s Guide to Virtual Environments

Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments provides an introduction to virtualized environments and their implications for forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so that when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems. The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens, along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.

Audience

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Paperback, 272 Pages

Published: May 2010

Imprint: Syngress

ISBN: 978-1-59749-557-8

Contents


    Acknowledgments

    Introduction

    About the Authors

    Part 1 Virtualization

        Chapter 1 How Virtualization Happens

             Physical Machines

             How Virtualization Works

             Hypervisors

             Main Categories of Virtualization

             Benefits of Virtualization

             Cost of Virtualization

             Summary

             References

             Bibliography

        Chapter 2 Server Virtualization

             What Is Server Virtualization?

             Differences between Desktop and Server Virtualization

             Common Virtual Servers

             Summary

             References

             Bibliography

        Chapter 3 Desktop Virtualization

             What Is Desktop Virtualization?

             Common Virtual Desktops

             Virtual Appliances and Forensics

             Virtual Desktops as a Forensic Platform

             Summary

             Bibliography

        Chapter 4 Portable Virtualization, Emulators, and Appliances

             MojoPac

             MokaFive

             Preconfigured Virtual Environments

             Virtual Appliance Providers

             JumpBox Virtual Appliances

             VirtualBox

             Virtualization Hardware Devices

             Virtual Privacy Machine

             Virtual Emulators

             Future Development

             Summary

             References

             Bibliography

    Part 2 Forensics

        Chapter 5 Investigating Dead Virtual Environments

             Install Files

             Remnants

             Registry

             Microsoft Disk Image Formats

             Data to Look for

             Investigator Tips

             Summary

             References

             Bibliography

        Chapter 6 Investigating Live Virtual Environments

             The Fundamentals of Investigating Live Virtual Environments

             Artifacts

             Processes and Ports

             Log Files

             VM Memory Usage

             Memory Analysis

             ESXi Analysis

             Microsoft Analysis Tools

             Moving Forward

             Summary

             References

             Bibliography

        Chapter 7 Finding and Imaging Virtual Environments

             Detecting Rogue Virtual Machines

             Is It Real or Is It Memorex?

             Imaging Virtual Machines

             Snapshots

             VMotion

             Identification and Conversion Tools

             Environment to Environment Conversion

             Summary

             References

             Bibliography

    Part 3 Advanced Virtualization

        Chapter 8 Virtual Environments and Compliance

             Standards

             Compliance

             Organizational Chain of Custody

             Data Retention Policies

             Summary

             References

             Bibliography

        Chapter 9 Virtualization Challenges

             Data Centers

             Security Considerations

             Malware and Virtualization

             Red Pill, Blue Pill, No Pill

             Additional Challenges

             Virtualization Drawbacks

             Summary

             References

             Bibliography

        Chapter 10 Cloud Computing and the Forensic Challenges

             What Is Cloud Computing?

             Cloud Computing Services

             Streaming Operating Systems

             Application Streaming

             Virtual Applications

             Cloud Computing, Virtualization, and Security

             Cloud Computing and Forensics

             Summary

             Bibliography

        Chapter 11 Visions of the Future: Virtualization and Cloud Computing

             Future of Virtualization

             The Evolving Cloud

             Autonomic Computing

             Summary

             Bibliography

    Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations

    Glossary

    Index



