Any thoughts or experiences on implications in the courtroom if VMware Workstation (or any VM product) was being hosted by an unsupported operating system (i.e. a flavor of Linux not listed
I am setting up a machine which will primarily be used to run VMware for the purpose of malware analysis, testing and viewing evidence images.
As I am considering a host operating system for VMware Workstation 7, I consider Linux. While doing some research, I came up with the above question.
Thank you.
So you are going to purposely setup an environment that throws doubt on your methodology or requires an inordinate amount of research to verify that it has no effect on your findings?
Why?
No, I am going to choose a flavor of linux or windows that IS supported. I checked the supported OS list because I wanted to choose one that was supported. In doing so, I began thinking of the problems that would be associated with using one that wasn't supported.
Consider someone using a flavor of Linux for a forensic workstation who decides to install VMware. They install VMware fine and produce some analysis that they testify to… and it comes out that the product they were running is not "supported" on the OS, even though it works.
It is more of a theoretical question, but I could see it applicable.
There is always the possibility of a Daubert challenge. One of the two prongs in Daubert is whether the methodology is supported/accepted by peers which, in broad terms, could include the vendor of the software that you are using.
If they state, explicitly, that they do not support running on your version of the OS, then you are at risk.
Even if you can demonstrate that the kernel, libraries, etc., are identical, you're still costing your client money by virtue of the need to rationalize your approach.
My two cents worth, anyway.
Thank you for your comment, seanmcl.
Although the v7 release notes don't explicitly state they are NOT supported,
The
If anything, I hope this thread will get others thinking about this before setting up their boxes.