Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this guide gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun. It covers technological advances in virtualization tools, methods, and issues in digital forensic investigations, and explores trends and emerging technologies surrounding virtualization technology.
This book consists of three parts. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.
This book will be a valuable resource for forensic investigators (corporate and law enforcement) and incident response professionals.
- Named a 2011 Best Digital Forensics Book by InfoSec Reviews
- Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
- Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
- Explores trends and emerging technologies surrounding virtualization technology
Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.
About the Authors
Part 1 Virtualization
Chapter 1 How Virtualization Happens
How Virtualization Works
Main Categories of Virtualization
Benefits of Virtualization
Cost of Virtualization
Chapter 2 Server Virtualization
What Is Server Virtualization?
Differences between Desktop and Server Virtualization
Common Virtual Servers
Chapter 3 Desktop Virtualization
What Is Desktop Virtualization?
Common Virtual Desktops
Virtual Appliances and Forensics
Virtual Desktops as a Forensic Platform
Chapter 4 Portable Virtualization, Emulators, and Appliances
Preconfigured Virtual Environments
Virtual Appliance Providers
JumpBox Virtual Appliances
Virtualization Hardware Devices
Virtual Privacy Machine
Part 2 Forensics
Chapter 5 Investigating Dead Virtual Environments
Microsoft Disk Image Formats
Data to Look for
Chapter 6 Investigating Live Virtual Environments
The Fundamentals of Investigating Live Virtual Environments
Processes and Ports
VM Memory Usage
Memory Analysis
Microsoft Analysis Tools
Chapter 7 Finding and Imaging Virtual Environments
Detecting Rogue Virtual Machines
Is It Real or Is It Memorex?
Imaging Virtual Machines
Identification and Conversion Tools
Environment to Environment Conversion
Part 3 Advanced Virtualization
Chapter 8 Virtual Environments and Compliance
Organizational Chain of Custody
Data Retention Policies
Chapter 9 Virtualization Challenges
Malware and Virtualization
Red Pill, Blue Pill, No Pill
Chapter 10 Cloud Computing and the Forensic Challenges
What Is Cloud Computing?
Cloud Computing Services
Streaming Operating Systems
Cloud Computing, Virtualization, and Security
Cloud Computing and Forensics
Chapter 11 Visions of the Future: Virtualization and Cloud Computing
Future of Virtualization
The Evolving Cloud
Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations
- © Syngress 2010
- 18th May 2010
Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.
Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."
Best Digital Forensics Books 2011, InfoSec Reviews