Live digital forensics in a virtual machine

Bibliographic Details
Published in 2010 International Conference on Computer Application and System Modeling (ICCASM 2010) Vol. 4; pp. V4-328 - V4-332
Main Authors Lei Zhang, Dong Zhang, Lianhai Wang
Format Conference Proceeding
Language English
Published IEEE 01.10.2010
ISBN 9781424472352
1424472350
ISSN 2161-9069
DOI 10.1109/ICCASM.2010.5620364

Summary: Traditional computer forensics is performed towards physical machines, using a set of forensic tools to acquire disk images and memory dumps. But it is much more different to deal with virtual machines. Live forensics is used to acquire volatile data and improve efficiency, but how to perform live forensics on a subject system with virtual machines hosted in? This paper discusses how virtual machines can be used both as forensic evidence and tools, proposes methods of how to collect data associated with virtual machines from the host system, and discusses methods and tools of how to boot the acquired subject system OS into a virtual machine.