Virtualization and Forensics: A Digital Forensic Investigators Guide to Virtual Environments provides an introduction to virtualized environments and their implications on forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems. The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology


Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Table of Contents

Acknowledgments Introduction About the Authors Part 1 Virtualization     Chapter 1 How Virtualization Happens          Physical Machines          How Virtualization Works          Hypervisors          Main Categories of Virtualization          Benefits of Virtualization          Cost of Virtualization          Summary          References          Bibliography     Chapter 2 Server Virtualization          What Is Server Virtualization?          Differences between Desktop and Server Virtualization          Common Virtual Servers          Summary          References          Bibliography     Chapter 3 Desktop Virtualization          What Is Desktop Virtualization?          Common Virtual Desktops          Virtual Appliances and Forensics          Virtual Desktops as a Forensic Platform          Summary          Bibliography     Chapter 4 Portable Virtualization, Emulators, and Appliances          MojoPac          MokaFive          Preconfigured Virtual Environments          Virtual Appliance Providers          JumpBox Virtual Appliances          VirtualBox          Virtualization Hardware Devices          Virtual Privacy Machine          Virtual Emulators          Future Development          Summary          References          Bibliography Part 2 Forensics     Chapter 5 Investigating Dead Virtual Environments          Install Files          Remnants          Registry          Microsoft Disk Image Formats          Data to Look for          Investigator Tips          Summary          References          Bibliography     Chapter 6 Investigating Live Virtual Environments          The Fundamentals of Investigating Live Virtual Environments          Artifacts          Processes and Ports           Log Files          VM Memory Usage          Memory Analysis 121          ESXi Analysis          Microsoft Analysis Tools          Moving Forward          Summary          References          Bibliography     Chapte


No. of pages:
© 2010
Electronic ISBN:
Print ISBN:

About the authors

Diane Barrett

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Greg Kipper

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."


Best Digital Forensics Books 2011, InfoSec Reviews