Title :
Forensic acquisition and analysis of VMware virtual machine artifacts
Author :
Meera, V. ; Isaac, M.M. ; Balan, C.
Author_Institution :
Dept. of Comput. Sci., TocH Inst. of Sci. & Technol., Cochin, India
Abstract :
Virtual forensics is a new trend in the area of computer forensics. Virtualization technology paved the way for the growth of virtual forensics. The VMware virtual environment provides a completely virtualized set of hardware to the guest operating system. The features of a virtual machine make it an interesting platform for committing cyber crimes. The combination of innovative criminal techniques and advanced technologies makes the traditional techniques outdated for detecting such crimes. This paper discusses how live acquisition can be performed to acquire virtual machine related files from the host operating system. The paper also describes how to analyze these acquired files to obtain raw data stored in various grains. The study is supported by methods that assist forensic examiners by providing valuable information from the raw data, which is retrieved from the various grains pointed to by grain table entries.
Keywords :
computer crime; digital forensics; operating systems (computers); virtual machines; virtualisation; VMware virtual machine artifact; computer forensics; crime detection; cyber crime; forensic acquisition; guest operating system; host operating system; live acquisition; virtual forensics; virtualization technology; Computers; Forensics; Hard disks; Hardware; Operating systems; Virtual machining; Virtualization; VMDK file format; VMware; Virtual Forensics; Virtual machine; Virtualization;
Conference_Title :
Automation, Computing, Communication, Control and Compressed Sensing (iMac4s), 2013 International Multi-Conference on
Conference_Location :
Kottayam
Print_ISBN :
978-1-4673-5089-1
DOI :
10.1109/iMac4s.2013.6526418