Virtualization and Forensics: A Digital Forensic Investigators Guide to Virtual Environments provides an introduction to virtualized environments and their implications on forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems.
The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.
- Named a 2011 Best Digital Forensics Book by InfoSec Reviews
- Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
- Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
- Explores trends and emerging technologies surrounding virtualization technology
Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.
Acknowledgments Introduction About the Authors Part 1 Virtualization Chapter 1 How Virtualization Happens Physical Machines How Virtualization Works Hypervisors Main Categories of Virtualization Benefits of Virtualization Cost of Virtualization Summary References Bibliography Chapter 2 Server Virtualization What Is Server Virtualization? Differences between Desktop and Server Virtualization Common Virtual Servers Summary References Bibliography Chapter 3 Desktop Virtualization What Is Desktop Virtualization? Common Virtual Desktops Virtual Appliances and Forensics Virtual Desktops as a Forensic Platform Summary Bibliography Chapter 4 Portable Virtualization, Emulators, and Appliances MojoPac MokaFive Preconfigured Virtual Environments Virtual Appliance Providers JumpBox Virtual Appliances VirtualBox Virtualization Hardware Devices Virtual Privacy Machine Virtual Emulators Future Development Summary References Bibliography Part 2 Forensics Chapter 5 Investigating Dead Virtual Environments Install Files Remnants Registry Microsoft Disk Image Formats Data to Look for Investigator Tips Summary References Bibliography Chapter 6 Investigating Live Virtual Environments The Fundamentals of Investigating Live Virtual Environments Artifacts Processes and Ports Log Files VM Memory Usage Memory Analysis 121 ESXi Analysis Microsoft Analysis Tools Moving Forward Summary References Bibliography Chapte
- No. of pages:
- © Syngress 2010
- 18th May 2010
- eBook ISBN:
- Paperback ISBN:
Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.
CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.
Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."
is a futurist and strategic forecaster in emerging technologies. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor in both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."
Best Digital Forensics Books 2011, InfoSec Reviews