• DocumentCode
    2833110
  • Title

    Live digital forensics in a virtual machine

  • Author

    Zhang, Lei ; Zhang, Dong ; Wang, Lianhai

  • Author_Institution
    Shandong Comput. Sci. Center, Lab. of Comput. Forensics, Jinan, China
  • Volume
    4
  • fYear
    2010
  • fDate
    22-24 Oct. 2010
  • Abstract
    Traditional computer forensics is performed on physical machines, using a set of forensic tools to acquire disk images and memory dumps. Dealing with virtual machines, however, is quite different. Live forensics is used to acquire volatile data and improve efficiency, but how should live forensics be performed on a subject system that hosts virtual machines? This paper discusses how virtual machines can be used both as forensic evidence and as tools, proposes methods for collecting data associated with virtual machines from the host system, and discusses methods and tools for booting the acquired subject system OS into a virtual machine.
  • Keywords
    computer forensics; virtual machines; digital forensics; disk image; forensic tool; host system; memory acquisition; memory dump; physical machine; subject system; virtual machine; volatile data; Cryptography; Forensics; Nonvolatile memory; Random access memory; Workstations; live forensics
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Application and System Modeling (ICCASM), 2010 International Conference on
  • Conference_Location
    Taiyuan
  • Print_ISBN
    978-1-4244-7235-2
  • Electronic_ISBN
    978-1-4244-7237-6
  • Type

    conf

  • DOI
    10.1109/ICCASM.2010.5620364
  • Filename
    5620364