• DocumentCode
    2949457
  • Title

    Virtual machine memory forensics

  • Author

    Huseinovic, Alvin ; Ribic, Samir

  • Author_Institution
    Fac. of Electr. Eng., Univ. of Sarajevo, Sarajevo, Bosnia-Herzegovina
  • fYear
    2013
  • fDate
    26-28 Nov. 2013
  • Firstpage
    940
  • Lastpage
    942
  • Abstract
    Physical memory can contain various data such as user passwords, encryption keys, web browser activity and other traces interesting for forensic analysis. Virtual machine physical memory is usually presented as a file on a host operating system. In this paper, the obtaining and analyzing of the virtual machine memory dump are presented.
  • Keywords
    digital forensics; operating systems (computers); virtual machines; virtual storage; Web browser activity; encryption keys; host operating system; user passwords; virtual machine memory dump; virtual machine physical memory forensic analysis; Computers; Data structures; Forensics; Operating systems; Virtual machine monitors; Virtual machining; Virtualization; VMware; Volatility framework; forensic analysis; memory dump; snapshot; virtualbox;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Telecommunications Forum (TELFOR), 2013 21st
  • Conference_Location
    Belgrade
  • Print_ISBN
    978-1-4799-1419-7
  • Type

    conf

  • DOI
    10.1109/TELFOR.2013.6716386
  • Filename
    6716386
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2949457