Virtualization and Forensics

1st Edition

A Digital Forensic Investigator’s Guide to Virtual Environments

Authors: Diane Barrett, Greg Kipper
Paperback ISBN: 9781597495578
eBook ISBN: 9781597495585
Imprint: Syngress
Published Date: 18th May 2010
Page Count: 272

Description

Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments provides an introduction to virtualized environments and their implications for forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems.
The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology

Readership

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Table of Contents

Acknowledgments
Introduction
About the Authors

Part 1 Virtualization

Chapter 1 How Virtualization Happens
Physical Machines How Virtualization Works Hypervisors Main Categories of Virtualization Benefits of Virtualization Cost of Virtualization Summary References Bibliography

Chapter 2 Server Virtualization
What Is Server Virtualization? Differences between Desktop and Server Virtualization Common Virtual Servers Summary References Bibliography

Chapter 3 Desktop Virtualization
What Is Desktop Virtualization? Common Virtual Desktops Virtual Appliances and Forensics Virtual Desktops as a Forensic Platform Summary Bibliography

Chapter 4 Portable Virtualization, Emulators, and Appliances
MojoPac MokaFive Preconfigured Virtual Environments Virtual Appliance Providers JumpBox Virtual Appliances VirtualBox Virtualization Hardware Devices Virtual Privacy Machine Virtual Emulators Future Development Summary References Bibliography

Part 2 Forensics

Chapter 5 Investigating Dead Virtual Environments
Install Files Remnants Registry Microsoft Disk Image Formats Data to Look for Investigator Tips Summary References Bibliography

Chapter 6 Investigating Live Virtual Environments
The Fundamentals of Investigating Live Virtual Environments Artifacts Processes and Ports Log Files VM Memory Usage Memory Analysis ESXi Analysis Microsoft Analysis Tools Moving Forward Summary References Bibliography

Chapte

Details

No. of pages: 272
Language: English
Copyright: © Syngress 2010
Published:
Imprint: Syngress
eBook ISBN: 9781597495585
Paperback ISBN: 9781597495578

About the Author

Diane Barrett

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is a professor in the Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Greg Kipper

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Awards

Best Digital Forensics Books 2011, InfoSec Reviews
