DocumentCode
1924870
Title
Investigating the Implications of Virtual Machine Introspection for Digital Forensics
Author
Nance, Kara ; Bishop, Matt ; Hay, Brian
Author_Institution
Dept. of Comput. Sci., Univ. of Alaska at Fairbanks, Fairbanks, AK
fYear
2009
fDate
16-19 March 2009
Firstpage
1024
Lastpage
1029
Abstract
Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.
Keywords
forensic science; virtual machines; computer forensics; digital forensics; information analysis; nonquiescent virtual machines; virtual machine introspection detection; Availability; Computer science; Computer security; Cryptography; Digital forensics; Hard disks; Information analysis; Kernel; Read-write memory; Virtual machining; Digital Forensics; VMI; Virtual Machine Introspection; Virtualization;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location
Fukuoka
Print_ISBN
978-1-4244-3572-2
Electronic_ISBN
978-0-7695-3564-7
Type
conf
DOI
10.1109/ARES.2009.173
Filename
5066605