Virtualization and Forensics - 1st Edition - ISBN: 9781597495578, 9781597495585

Virtualization and Forensics

1st Edition

A Digital Forensic Investigator’s Guide to Virtual Environments

Authors: Diane Barrett, Greg Kipper
Paperback ISBN: 9781597495578
eBook ISBN: 9781597495585
Imprint: Syngress
Published Date: 18th May 2010
Page Count: 272


Description

Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this guide gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun. It covers technological advances in virtualization tools, methods, and issues in digital forensic investigations, and explores trends and emerging technologies surrounding virtualization technology.

This book consists of three parts. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.

This book will be a valuable resource for forensic investigators (corporate and law enforcement) and incident response professionals.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology

Readership

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Table of Contents


Acknowledgments

Introduction

About the Authors

Part 1 Virtualization

Chapter 1 How Virtualization Happens

Physical Machines

How Virtualization Works

Hypervisors

Main Categories of Virtualization

Benefits of Virtualization

Cost of Virtualization

Summary

References

Bibliography

Chapter 2 Server Virtualization

What Is Server Virtualization?

Differences between Desktop and Server Virtualization

Common Virtual Servers

Summary

References

Bibliography

Chapter 3 Desktop Virtualization

What Is Desktop Virtualization?

Common Virtual Desktops

Virtual Appliances and Forensics

Virtual Desktops as a Forensic Platform

Summary

Bibliography

Chapter 4 Portable Virtualization, Emulators, and Appliances

MojoPac

MokaFive

Preconfigured Virtual Environments

Virtual Appliance Providers

JumpBox Virtual Appliances

VirtualBox

Virtualization Hardware Devices

Virtual Privacy Machine

Virtual Emulators

Future Development

Summary

References

Bibliography

Part 2 Forensics

Chapter 5 Investigating Dead Virtual Environments

Install Files

Remnants

Registry

Microsoft Disk Image Formats

Data to Look for

Investigator Tips

Summary

References

Bibliography

Chapter 6 Investigating Live Virtual Environments

The Fundamentals of Investigating Live Virtual Environments

Artifacts

Processes and Ports

Log Files

VM Memory Usage

Memory Analysis

ESXi Analysis

Microsoft Analysis Tools

Moving Forward

Summary

References

Bibliography

Chapter 7 Finding and Imaging Virtual Environments

Detecting Rogue Virtual Machines

Is It Real or Is It Memorex?

Imaging Virtual Machines

Snapshots

VMotion

Identification and Conversion Tools

Environment to Environment Conversion

Summary

References

Bibliography

Part 3 Advanced Virtualization

Chapter 8 Virtual Environments and Compliance

Standards

Compliance

Organizational Chain of Custody

Data Retention Policies

Summary

References

Bibliography

Chapter 9 Virtualization Challenges

Data Centers

Security Considerations

Malware and Virtualization

Red Pill, Blue Pill, No Pill

Additional Challenges

Virtualization Drawbacks

Summary

References

Bibliography

Chapter 10 Cloud Computing and the Forensic Challenges

What Is Cloud Computing?

Cloud Computing Services

Streaming Operating Systems

Application Streaming

Virtual Applications

Cloud Computing, Virtualization, and Security

Cloud Computing and Forensics

Summary

Bibliography

Chapter 11 Visions of the Future: Virtualization and Cloud Computing

Future of Virtualization

The Evolving Cloud

Autonomic Computing

Summary

Bibliography

Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations

Glossary

Index




Details

No. of pages: 272
Language: English
Copyright: © Syngress 2010
Published:
Imprint: Syngress
eBook ISBN: 9781597495585
Paperback ISBN: 9781597495578

About the Author

Diane Barrett

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes.

Affiliations and Expertise

CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Greg Kipper

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Affiliations and Expertise

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor in both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Awards

Best Digital Forensics Books 2011, InfoSec Reviews