Virtual Machine Forensics and Network Forensics - Article Example


Virtual Machine Forensics
A virtual machine (VM) is a software program for creating different environments, each environment simulating its own components (both hardware and software). Each environment (virtual machine) mimics a real computer system with its own operating system and hardware. In digital forensics the user controls each of the virtual machines independently.
Network forensics refers to the capture, storage, and analysis of network traffic. The term is used interchangeably with packet mining, packet forensics, or digital forensics. Regardless of the name, the concept remains the same, i.e., recording packet traffic (emails, database queries, Web browsing) into a single searchable network traffic database for detailed examination (Habib).
Network forensics involves:
1) Identifying and responding to attacks against computer systems
2) Utilising security devices to gather evidence data
3) Utilising the network for passive information collection during an investigation
VM examination
A typical digital forensic investigation is divided into four main stages, namely access, acquire, analyze and report. In the access phase, the examiner records details of the virtual machines. The examiner then copies all data from the running system and generates a forensic image of all storage media, a process known as acquisition. The acquired image can be analysed with open-source or commercial forensic tools such as EnCase, Sleuthkit, Live View and FTK. VMware's snapshot feature permits the examiner to suspend the state of a VM at any specific point in time.
Creating a forensics image of a VM
Traditional computer forensics is conducted on physical machines, generating disk images and memory dumps. In contrast, a virtual machine requires live forensics to acquire volatile data and depends on the system hosting the virtual machines. A VM simulates basic hardware parts and supports only a limited range of hardware devices. The resulting dd image can't be booted directly in a VM environment.
The VM requires extra files describing the environment being booted, and significant changes to the original environment are needed before the image will boot in the VM. When the system is booted, new data is written to the original image, modifying it (old data is overwritten). This necessitates creating a backup copy of the original data: the original is write-protected, and the succeeding phases of analysis are conducted on the copy, leaving the original untouched.
Other system acquisitions
Typically both FTK Imager and EnCase need a write blocker device to capture an image of a live physical drive. This is not the case with VMware virtual disks: these disks are organized as files, so the image can be generated without a write blocker. Both tools can generate raw images of VM hard disks and compute hashes of those raw images, and both produce matching MD5 and SHA1 hashes. It follows that VM hard disk files can be securely converted to raw/dd images without necessarily using a write blocker device.
Works Cited
Habib, Joe. "Network Forensics and Digital Time Travel." TechNewsWorld, 2006. Web. 27 Apr. 2015.
Huebner, Ewa, and Stefano Zanero. Open Source Software for Digital Forensics. New York: Springer, 2010. Print.
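The acquisition steps described above (file-level copy of a VM disk file with no write blocker, MD5 and SHA1 computed for both original and copy, original write-protected for the rest of the analysis) as an added Python example; it is not code from the paper, FTK Imager or EnCase. The file names and the sample bytes are constructed, and the block does no VMDK parsing, so the copy is a file-level image rather than a raw/dd conversion.

```python
import hashlib, os, shutil, stat, tempfile


def hash_file(path):
    """Return (md5, sha1) hex digests of a file, both computed in one streaming pass."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks, large files ok
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def write_protect(path):
    """Clear every write bit so the file cannot be modified in place; True on success."""
    os.chmod(path, os.stat(path).st_mode & ~(stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))
    return stat.S_IMODE(os.stat(path).st_mode) & 0o222 == 0


def acquire(source, dest):
    """Copy a VM disk file to dest, hash original and copy, verify, write-protect both."""
    src_hashes = hash_file(source)     # hash the original before anything else touches it
    shutil.copyfile(source, dest)      # acquisition is a plain file copy: no write blocker
    dst_hashes = hash_file(dest)       # hash the copy by re-reading it, not from a buffer
    if src_hashes != dst_hashes:
        os.remove(dest)
        raise RuntimeError("acquired image does not match the source file")
    protected = write_protect(source) and write_protect(dest)  # both stay untouched now
    with open(dest + ".hashes", "w") as fh:  # sidecar for later re-verification
        fh.write(f"MD5 {dst_hashes[0]}\nSHA1 {dst_hashes[1]}\n")
    return {"md5": dst_hashes[0], "sha1": dst_hashes[1],
            "size": os.path.getsize(dest), "write_protected": protected}


def verify(image):
    """Re-hash an image and compare with its sidecar; True only if it is unchanged."""
    md5, sha1 = hash_file(image)
    with open(image + ".hashes") as fh:
        recorded = dict(line.split() for line in fh if line.strip())
    return recorded == {"MD5": md5, "SHA1": sha1}


def demo():
    """Acquire a constructed stand-in for a VMDK in a temp dir; returns (record, verified)."""
    work = tempfile.mkdtemp()
    src, dst = os.path.join(work, "disk.vmdk"), os.path.join(work, "disk.dd")
    with open(src, "wb") as fh:        # constructed sample bytes, not a real VMware disk
        fh.write(b"\x00" * 4096 + b"sample sector data")
    return acquire(src, dst), verify(dst)
```

Run `verify()` again before each analysis session; a False result means the image was altered after acquisition and the analysis should restart from the write-protected original.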