Title :
Live digital forensics in a virtual machine
Author :
Zhang, Lei ; Zhang, Dong ; Wang, Lianhai
Author_Institution :
Shandong Comput. Sci. Center, Lab. of Comput. Forensics, Jinan, China
Abstract :
Traditional computer forensics is performed towards physical machines, using a set of forensic tools to acquire disk images and memory dumps. But it is much more different to deal with virtual machines. Live forensics is used to acquire volatile data and improve efficiency, but how to perform live forensics on a subject system with virtual machines hosted in? This paper discusses how virtual machines can be used both as forensic evidence and tools, proposes methods of how to collect data associated with virtual machines from the host system, and discusses methods and tools of how to boot the acquired subject system OS into a virtual machine.
Keywords :
computer forensics; virtual machines; computer forensics; digital forensics; disk image; forensic tool; host system; memory acquisition; memory dump; physical machine; subject system; virtual machine; volatile data; Cryptography; Forensics; Nonvolatile memory; Random access memory; Workstations; digital forensics; live forensics; memory acquisition; virtual machine;
Conference_Titel :
Computer Application and System Modeling (ICCASM), 2010 International Conference on
Conference_Location :
Taiyuan
Print_ISBN :
978-1-4244-7235-2
Electronic_ISBN :
978-1-4244-7237-6
DOI :
10.1109/ICCASM.2010.5620364
