
Live Digital Forensics in a Virtual Machine

Traditional computer forensics is performed on physical machines, using a set of forensic tools to acquire disk images and memory dumps, but dealing with virtual machines is quite different. Live forensics is used to acquire volatile data and improve efficiency, but how should live forensics be performed on a subject system that hosts virtual machines? This paper discusses how virtual machines can be used both as forensic evidence and as tools, proposes methods for collecting data associated with virtual machines from the host system, and discusses methods and tools for booting the acquired subject system OS into a virtual machine.

digital forensics; live forensics; virtual machine; memory acquisition

Lei Zhang, Dong Zhang, Lianhai Wang

Laboratory of Computer Forensics, Shandong Computer Science Center, Jinan, China; Qingdao Technological University, Qingdao, China; Laboratory of Computer Forensics, Shandong Computer Science Center, Jinan, China

International conference

The 2010 International Conference on Computer Application and System Modeling (ICCASM 2010)

Taiyuan

English

328-332

2010-10-22 (date first made available online on the Wanfang platform; this is not the paper's publication date)