Title :
Virtual machine memory forensics
Author :
Huseinovic, Alvin ; Ribic, Samir
Author_Institution :
Fac. of Electr. Eng., Univ. of Sarajevo, Sarajevo, Bosnia-Herzegovina
Abstract :
Physical memory can contain various data such as user passwords, encryption keys, web browser activity and other traces of interest for forensic analysis. Virtual machine physical memory is usually presented as a file on a host operating system. In this paper, obtaining and analyzing a virtual machine memory dump are presented.
Keywords :
digital forensics; operating systems (computers); virtual machines; virtual storage; Web browser activity; encryption keys; host operating system; user passwords; virtual machine memory dump; virtual machine physical memory forensic analysis; Computers; Data structures; Forensics; Operating systems; Virtual machine monitors; Virtual machining; Virtualization; VMware; Volatility framework; forensic analysis; memory dump; snapshot; virtualbox;
Conference_Title :
Telecommunications Forum (TELFOR), 2013 21st
Conference_Location :
Belgrade
Print_ISBN :
978-1-4799-1419-7
DOI :
10.1109/TELFOR.2013.6716386