Virtualization forensics: How it is different?

13 Posts
4 Users
0 Reactions
755 Views
(@amilads)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter  

Can anyone give some ideas about what the major differences are between virtualization forensics (analysis) and traditional forensic investigation methods, according to your experience? Your comments on this article are very much appreciated. Thanks D

(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

Your comments on this article are very much appreciated.

What article ?

(@amilads)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter  

Oh sorry, joachimm. Let's say "comments about this post"… thanks

(@amilads)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter  

Standard forensic analysis methodology involves four key steps. They are: preserving the chain of custody, data acquisition, analyzing the acquired data, and determining the answer to the aforementioned question of who did what, when, where and how. These steps can be directly affected in a virtual machine forensic investigation. It can make all four steps either nearly impossible or merely possible but difficult.

(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

Any one can give some ideas about what are the major differences between Virtualization forensics(analysis) and traditional forensic investigation methods?

OK, next question: what type of virtualisation, e.g. virtual machine (system emulation) such as VMWare, executable virtualization (Java JRE/.Net CLR), or another type of virtualization?

I'm assuming you're addressing the Virtual Machine (system emulation) but let's be sure.

(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Virtualized environments are not terribly different than "standard" (hate that term) forensics. Still have to develop a method and course of action for the investigation.

What have your experiences been so far?

(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

These steps can be directly affected in a virtual machine forensic investigation.

So can they on a physical machine. You always should take mitigating factors into account.

(@amilads)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter  

OK, next question: what type of virtualisation, e.g. virtual machine (system emulation) such as VMWare, executable virtualization (Java JRE/.Net CLR), or another type of virtualization?

Let's say "VirtualBox".

(@amilads)
Active Member
Joined: 15 years ago
Posts: 7
Topic starter  

"You always should take mitigating factors into account"
What are the mitigating factors?

(@joachimm)
Estimable Member
Joined: 17 years ago
Posts: 181
 

"You always should take mitigating factors into account"
What are the mitigating factors?

By mitigating factors I mean a wide variety of things (just a short list):
* behaviour of applications and how artefacts e.g. timestamps came to be
* who had access to the (virtual) system/who didn't
* could the systems have been cleared of artefacts or artefacts been falsified/modified
* artefacts collected from other sources
* etc.
