Abstract
In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. We argue that commercial closed source computer forensics software has certain limitations, and we propose a method which may lead to a gradual shift to open source software (OSS). A brief overview of virtual environments and open source software tools is presented and discussed. Further, we identify current limitations of virtual environments, leading to the conclusion that the method is very promising, but at this point in time it cannot replace conventional techniques of computer forensics analysis. We demonstrate that using Virtual Machines (VM) in Linux environments can complement the conventional techniques, and can often bring faster and verifiable results that do not depend on proprietary, closed source tools.
© 2010 Springer Science+Business Media, LLC
About this paper
Cite this paper
Bem, D. (2010). Virtual Machine for Computer Forensics – the Open Source Perspective. In: Huebner, E., Zanero, S. (eds) Open Source Software for Digital Forensics. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5803-7_3
DOI: https://doi.org/10.1007/978-1-4419-5803-7_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5802-0
Online ISBN: 978-1-4419-5803-7
eBook Packages: Computer Science (R0)