
Virtual Machine for Computer Forensics – the Open Source Perspective

  • Conference paper
  • In: Open Source Software for Digital Forensics

Abstract

In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. We argue that commercial closed source computer forensics software has certain limitations, and we propose a method which may lead to a gradual shift to open source software (OSS). A brief overview of virtual environments and open source software tools is presented and discussed. Further, we identify current limitations of virtual environments, leading to the conclusion that the method is very promising but at this point in time cannot replace conventional techniques of computer forensics analysis. We demonstrate that using Virtual Machines (VM) in Linux environments can complement the conventional techniques, and can often bring faster and verifiable results that do not depend on proprietary, closed source tools.



Author information

Corresponding author: Derek Bem.


Copyright information

© 2010 Springer Science+Business Media, LLC

About this paper

Cite this paper

Bem, D. (2010). Virtual Machine for Computer Forensics – the Open Source Perspective. In: Huebner, E., Zanero, S. (eds) Open Source Software for Digital Forensics. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5803-7_3

  • DOI: https://doi.org/10.1007/978-1-4419-5803-7_3
  • Publisher Name: Springer, Boston, MA
  • Print ISBN: 978-1-4419-5802-0
  • Online ISBN: 978-1-4419-5803-7
  • eBook Packages: Computer Science (R0)
