Virtualization and Forensics

A Digital Forensic Investigator’s Guide to Virtual Environments

1st Edition - May 18, 2010

  • Authors: Diane Barrett, Greg Kipper
  • eBook ISBN: 9781597495585
  • Paperback ISBN: 9781597495578

Description

Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments offers an in-depth view into the world of virtualized environments and the implications they have for forensic investigations. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this guide gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun. It covers technological advances in virtualization tools, methods, and issues in digital forensic investigations, and explores trends and emerging technologies surrounding virtualization technology. This book consists of three parts. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. This book will be a valuable resource for forensic investigators (corporate and law enforcement) and incident response professionals.

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology

Readership

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Table of Contents


  • Acknowledgments

    Introduction

    About the Authors

    Part 1 Virtualization

        Chapter 1 How Virtualization Happens

             Physical Machines

             How Virtualization Works

             Hypervisors

             Main Categories of Virtualization

             Benefits of Virtualization

             Cost of Virtualization

             Summary

             References

             Bibliography

        Chapter 2 Server Virtualization

             What Is Server Virtualization?

             Differences between Desktop and Server Virtualization

             Common Virtual Servers

             Summary

             References

             Bibliography

        Chapter 3 Desktop Virtualization

             What Is Desktop Virtualization?

             Common Virtual Desktops

             Virtual Appliances and Forensics

             Virtual Desktops as a Forensic Platform

             Summary

             Bibliography

        Chapter 4 Portable Virtualization, Emulators, and Appliances

             MojoPac

             MokaFive

             Preconfigured Virtual Environments

             Virtual Appliance Providers

             JumpBox Virtual Appliances

             VirtualBox

             Virtualization Hardware Devices

             Virtual Privacy Machine

             Virtual Emulators

             Future Development

             Summary

             References

             Bibliography

    Part 2 Forensics

        Chapter 5 Investigating Dead Virtual Environments

             Install Files

             Remnants

             Registry

             Microsoft Disk Image Formats

             Data to Look for

             Investigator Tips

             Summary

             References

             Bibliography

        Chapter 6 Investigating Live Virtual Environments

             The Fundamentals of Investigating Live Virtual Environments

             Artifacts

             Processes and Ports

             Log Files

             VM Memory Usage

             Memory Analysis

             ESXi Analysis

             Microsoft Analysis Tools

             Moving Forward

             Summary

             References

             Bibliography

        Chapter 7 Finding and Imaging Virtual Environments

             Detecting Rogue Virtual Machines

             Is It Real or Is It Memorex?

             Imaging Virtual Machines

             Snapshots

             VMotion

             Identification and Conversion Tools

             Environment to Environment Conversion

             Summary

             References

             Bibliography

    Part 3 Advanced Virtualization

        Chapter 8 Virtual Environments and Compliance

             Standards

             Compliance

             Organizational Chain of Custody

             Data Retention Policies

             Summary

             References

             Bibliography

        Chapter 9 Virtualization Challenges

             Data Centers

             Security Considerations

             Malware and Virtualization

             Red Pill, Blue Pill, No Pill

             Additional Challenges

             Virtualization Drawbacks

             Summary

             References

             Bibliography

        Chapter 10 Cloud Computing and the Forensic Challenges

             What Is Cloud Computing?

             Cloud Computing Services

             Streaming Operating Systems

             Application Streaming

             Virtual Applications

             Cloud Computing, Virtualization, and Security

             Cloud Computing and Forensics

             Summary

             Bibliography

        Chapter 11 Visions of the Future: Virtualization and Cloud Computing

             Future of Virtualization

             The Evolving Cloud

             Autonomic Computing

             Summary

             Bibliography

    Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations

    Glossary

    Index




Product details

  • No. of pages: 272
  • Language: English
  • Copyright: © Syngress 2010
  • Published: May 18, 2010
  • Imprint: Syngress
  • eBook ISBN: 9781597495585
  • Paperback ISBN: 9781597495578

About the Authors

Diane Barrett

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Affiliations and Expertise

CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Greg Kipper

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Affiliations and Expertise

Futurist and Strategic Forecaster in Emerging Technologies
