Synopses & Reviews
Virtualization creates new and difficult challenges for forensic investigations. Operating systems and applications running in virtualized environments often leave few traces, yielding little evidence with which to conduct an investigation.
Virtualization and Forensics offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. After reading this book, you’ll be equipped to conduct investigations in these environments with confidence.
- Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
- Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
- Explores trends and emerging technologies surrounding virtualization technology
Synopsis
Virtualized environments are growing quicker than the predicted pace, and according to O'Reilly's computer book market report, they are the second largest computer book topic in terms of sales for 2008 with a growth of 63%. With more companies using virtual servers and environments, the ability to handle forensic data in this environment will be a necessity. This book provides forensic investigators end-to-end knowledge of examinations in server, desktop, and portable environments, including the leaders in the market: VMware, Microsoft, and Citrix.
- Provides forensic investigators end-to-end knowledge of examinations in server, desktop, and portable environments including: VMware, Microsoft, and Citrix
- Author Diane Barrett is a world-renowned speaker and trainer on forensic investigations in virtual environments
- Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
Synopsis
Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this guide gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun. It covers technological advances in virtualization tools, methods, and issues in digital forensic investigations, and explores trends and emerging technologies surrounding virtualization technology.
This book consists of three parts. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.
This book will be a valuable resource for forensic investigators (corporate and law enforcement) and incident response professionals.
- Named a 2011 Best Digital Forensics Book by InfoSec Reviews
- Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
- Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
- Explores trends and emerging technologies surrounding virtualization technology
Synopsis
Virtualized environments can make forensic investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. Virtualization and Forensics explores all the newest methods for virtualized environments and the implications they have on the world of forensics. The book begins by explaining the different types of virtualization, then how virtualization affects the basic forensic process. It describes common methods to find virtualization artifacts on dead drives and in live analysis, and to identify virtual activities that affect the examination process of virtualized environments. Finally, it addresses virtualization issues such as security, data retention policies, and where the world of virtualization is headed.
Synopsis
A digital forensic investigator's guide to virtual environments.
About the Author
Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.
Greg Kipper (CISSP) is a Senior Security Engineer with Tenacity Solutions Incorporated. Tenacity is a woman-owned, small business that is headquartered in Reston, VA, that specializes in information security and information assurance. Greg has been involved in the field of security and information assurance over the past 13 years. Through his experiences in the security sector as a systems engineer, security analyst, and consultant, he moved into the emerging field of digital forensics. The last seven years of his career have been spent on working on forensic investigations studying the future of technologies and their forensic impact of that data to the process of evidence. Some of his notable works include the books Investigator's Guide to Steganography, Wireless Crime and Forensic Investigation, and the upcoming Proactive Forensics as well as a Congressional report outlining technical methods of reducing the risk of insider threats. Greg continues to actively contribute to the fields of security and digital forensics by giving lectures annually at DoD Cybercrime, TechnoSecurity, and TechnoForensics.
Table of Contents
PART 1. VIRTUALIZATION
- Chapter 1. How Virtualization Happens
- Chapter 2. Server Virtualization
- Chapter 3. Desktop Virtualization
- Chapter 4. Portable Virtualization, Emulators, and Appliances
PART 2. FORENSICS
- Chapter 5. Investigating Dead Virtual Environments
- Chapter 6. Investigating Live Virtual Environments
- Chapter 7. Finding and Imaging Virtual Environments
PART 3. ADVANCED VIRTUALIZATION
- Chapter 8. Virtual Environments and Compliance
- Chapter 9. Virtualization Challenges
- Chapter 10. Cloud Computing and the Forensic Challenges
- Chapter 11. Visions of the Future: Virtualization and Cloud Computing
- Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations