StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Virtual Machine Forensics and Network Forensics - Article Example

Cite this document
Summary
According to the paper, a virtual machine (VM) is a software program for creating different environments with each of the environment simulating its components (both hardware and software). Each of the environments (virtual machine) mimics a real computer system with its operating system and hardware…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.1% of users find it useful
Virtual Machine Forensics and Network Forensics
Read Text Preview

Extract of sample "Virtual Machine Forensics and Network Forensics"

Virtual Machine Forensics A virtual machine (VM) is a software program for creating different environments with each of the environment simulating its components (both hardware and software). Each of the environments (virtual machine) mimics a real computer system with its operating system and hardware. In digital forensics the user controls each of the virtual machines independently.Network forensics refers to the capture, storage, and analysis of network traffic. It can be used interchangeably with terms such as packet mining, packet forensics, or digital forensics.

Regardless, the concept remains the same i.e. recording packet traffic of emails, database queries, Web browsing to a single searchable network traffic database for detailed examination (Habib).Network forensics involves: 1) Identifying and responding to attacks against computer systems 2) The utilisation of security devices in gathering evidence data 3) utilising the networks for passive information collection during an investigation VM examintion Typical digital forensic investigation is divided into four main stages namely; access, acquire, analyze and report.

In the access phase, the examiner records details of the virtual machines. Then makes copies of all data from the running system and generate the forensic image of all storage media a process known as acquisition. The acquired image can be used by forensics tools (open-source or commercial) such as EnCase, Sleuthkit, Live View and FTK to carry out a forensics analysis. VMware has Snapshot feature that permits the examiner to suspend the state of a VM at any specific point of time. Creating a forensics image of a VMTraditional computer forensics is conducted in relation to physical machines in generating disk images and memory dumps.

In contrast to typical computer forensics, Virtual machine requires live forensics to acquire volatile data and depends on the system hosting the virtual machines. VM simulates basic hardware parts and provides support to a limited range of hardware devices. The created dd image can’t be directly booted in a VM environment.The VM requires extra files of the environment being booted. There are significant changes needed in the original environment to enable the image to boot in the VM environment.

When the system is booted new data will be written to the original image thus modifying it (overwriting of old data). This necessitates the creation of backup copy of the original data. The original data is write-protected. The succeeding phases of data analysis are conducted on this copy leaving the original data untouched.Other system acquisitionsTypically both FTK imager and EnCase forensic tools need a write blocker device to capture the image a live physical drive. This is not the case with VMware virtual disks.

These disks are organized as files and therefore the image can be generated without a write blocker being included. These forensic tools (FTK imager and EnCase) can be used to generate both raw images for VM hard disks and the computed hashes of the raw images. Both tools create the matching MD5 and SHA1 hashes. It is therefore resolved that VM hard disk files can be securely converted to raw/dd images without necessarily using the write block device.Work citedHabib, Joe. 'Network Forensics And Digital Time Travel | Hacking | Technewsworld'.

Technewsworld.com. N.p., 2006. Web. 27 Apr. 2015.Huebner, Ewa, and Stefano Zanero. Open Source Software For Digital Forensics. New York: Springer, 2010. Print

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Virtual Machine Forensics and Network Forensics Article”, n.d.)
Retrieved from https://studentshare.org/information-technology/1690322-virtual-machine-forensics-and-network-forensics
(Virtual Machine Forensics and Network Forensics Article)
https://studentshare.org/information-technology/1690322-virtual-machine-forensics-and-network-forensics.
“Virtual Machine Forensics and Network Forensics Article”, n.d. https://studentshare.org/information-technology/1690322-virtual-machine-forensics-and-network-forensics.
  • Cited: 0 times

CHECK THESE SAMPLES OF Virtual Machine Forensics and Network Forensics

Software Apps for Business ( The Apple Mac book )

running head: Software Applications For Business Software Applications for Business Apple MacBook (2008-2012) Course No.... & Code Contents Introduction 3 Product Offered in 2008 3 Specifications of Apple MacBook 2011 & 2012 4 Advancements Made in the Version 2008 and Comparison with Version 2012 4 Advantages of Using Apple MacBook Pro 2012 & Apple Retina Display 2012 6 Disadvantages of Not Using Apple MacBook 2012 6 Competing Products of Apple MacBook 6 References 8 Introduction Since its inception, Apple has strived and managed to offer machines which are light and simple with extensive storage, memory and digital output....
3 Pages (750 words) Research Paper

Identity Theft Through Unsecure Wireless Networks

This paper ''Identity Theft Through Unsecure Wireless Networks'' tells that the best way to ensure that information is not obtained when using a public Wi-Fi is not only by sending any sensitive information over the network but also keeping into consideration the above steps.... Unauthorized access also imposes high bills to the owner of the network where they involve lots of traffic by downloading videos and software.... It is quite evident that a walk with a Wi-Fi enabled phone or laptop it's easy to steal internet, this is just because most of the network have no security....
6 Pages (1500 words) Literature review

Effective Techniques to Mitigate Risks, Incorporating Voice Signatures

This is the point where digital forensic experts are incorporated for identifying the threat, impact and network incidents caused by it.... - A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization.... The definition of security, in the context of data theft on the internet, consists of concerns linked to i) communication privacy on the network, ii) data confidentiality over the network, iii) unauthorized access to classified data, iv) entry into prohibited network domains and v) internet utilization for hidden communication....
8 Pages (2000 words) Essay

Technologies Used by Police Forces

Later in the years, this is what emerged to be the core of forensics (McElreath et al.... The driving force for the introduction of forensics was to foresee justice prevail because before, the judicial proceedings were just based on evidence coming from victim statements and coerced confessions.... forensics was the better option after jurists and criminologists were convinced that it had standards of neutrality and objectivity.... In addition, forensics could add fairness and precision to investigations as a result scientists and doctors had a partnership with the police so that they could integrate solving crimes and science (McElreath et al....
8 Pages (2000 words) Research Paper

New Technology in the Workplace

This paper “New Technology in the Workplace” will analyze the changes that have occurred in the past decade due to advanced technology particularly Information technology.... There are various IT tools which can protect as well as optimize office systems.... hellip; The author of the paper states that unison of many employees under a single organization to reach a target can always be aided by technology, importantly information technology....
10 Pages (2500 words) Research Paper

The Changes in Office Systems Due to Advanced Technology

This essay "The Changes in Office Systems Due to Advanced Technology" discusses technological products that are being used in office management.... From opening a simple door to carrying out advanced operations, technology has become an omnipresent entity in offices.... hellip; The information technology and its related products can be used optimally if there is no security threat to it....
9 Pages (2250 words) Essay

Challenges in Handling Electronic Evidence

nbsp;… Generally, computer forensics has become a booming trade as it is important to unearth data and then further analyze it to make it applicable in the criminal case.... From the paper "Challenges in Handling Electronic Evidence" it is clear that e-evidence has grown to become increasingly important in the court of law....
7 Pages (1750 words) Coursework

Virtual Machine Forensics

This essay "virtual machine forensics" presents virtual machines that are considered as mimicries of certain computer systems.... Type 2 hypervisors (hosted hypervisors) are virtual machine managers that are installed as software applications on an operating system that is already in existence.... There are various deterrents that should be considered before releasing a virtual machine to the consumer.... As opposed to the type 1 hypervisors, they support virtual guest machines by coordinating CPU, network, memory, and other calls from other resources via the operating system of the host....
1 Pages (250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us