Virtualization and Forensics

A Digital Forensic Investigator’s Guide to Virtual Environments

By

  • Diane Barrett: CCNA, CISSP, ISSMP, IAM/IEM, Certified Steganographer, CCE certificate of completion.
  • Greg Kipper is a futurist and strategic forecaster in emerging technologies. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor in both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments provides an introduction to virtualized environments and their implications for forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means using the methods in this book to train staff in advance, so that when an incident occurs they can quickly perform the forensics and minimize the damage to their systems. The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens, the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.

Audience

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Book information

  • Published: May 2010
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-557-8


Table of Contents


Acknowledgments

Introduction

About the Authors

Part 1 Virtualization

    Chapter 1 How Virtualization Happens

         Physical Machines

         How Virtualization Works

         Hypervisors

         Main Categories of Virtualization

         Benefits of Virtualization

         Cost of Virtualization

         Summary

         References

         Bibliography

    Chapter 2 Server Virtualization

         What Is Server Virtualization?

         Differences between Desktop and Server Virtualization

         Common Virtual Servers

         Summary

         References

         Bibliography

    Chapter 3 Desktop Virtualization

         What Is Desktop Virtualization?

         Common Virtual Desktops

         Virtual Appliances and Forensics

         Virtual Desktops as a Forensic Platform

         Summary

         Bibliography

    Chapter 4 Portable Virtualization, Emulators, and Appliances

         MojoPac

         MokaFive

         Preconfigured Virtual Environments

         Virtual Appliance Providers

         JumpBox Virtual Appliances

         VirtualBox

         Virtualization Hardware Devices

         Virtual Privacy Machine

         Virtual Emulators

         Future Development

         Summary

         References

         Bibliography

Part 2 Forensics

    Chapter 5 Investigating Dead Virtual Environments

         Install Files

         Remnants

         Registry

         Microsoft Disk Image Formats

         Data to Look for

         Investigator Tips

         Summary

         References

         Bibliography

    Chapter 6 Investigating Live Virtual Environments

         The Fundamentals of Investigating Live Virtual Environments

         Artifacts

         Processes and Ports

         Log Files

         VM Memory Usage

         Memory Analysis

         ESXi Analysis

         Microsoft Analysis Tools

         Moving Forward

         Summary

         References

         Bibliography

    Chapter 7 Finding and Imaging Virtual Environments

         Detecting Rogue Virtual Machines

         Is It Real or Is It Memorex?

         Imaging Virtual Machines

         Snapshots

         VMotion

         Identification and Conversion Tools

         Environment to Environment Conversion

         Summary

         References

         Bibliography

Part 3 Advanced Virtualization

    Chapter 8 Virtual Environments and Compliance

         Standards

         Compliance

         Organizational Chain of Custody

         Data Retention Policies

         Summary

         References

         Bibliography

    Chapter 9 Virtualization Challenges

         Data Centers

         Security Considerations

         Malware and Virtualization

         Red Pill, Blue Pill, No Pill

         Additional Challenges

         Virtualization Drawbacks

         Summary

         References

         Bibliography

    Chapter 10 Cloud Computing and the Forensic Challenges

         What Is Cloud Computing?

         Cloud Computing Services

         Streaming Operating Systems

         Application Streaming

         Virtual Applications

         Cloud Computing, Virtualization, and Security

         Cloud Computing and Forensics

         Summary

         Bibliography

    Chapter 11 Visions of the Future: Virtualization and Cloud Computing

         Future of Virtualization

         The Evolving Cloud

         Autonomic Computing

         Summary

         Bibliography

Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations

Glossary

Index