Description
With the advancement in virtualization technology, virtual machines (VMs) are becoming a common and integral part of datacenters. As the popularity and use of VMs increase, incidents involving them are also on the rise. There is substantial research on using VMs and virtual appliances to aid forensic investigation, but research on the appropriate forensics procedures for collecting and analyzing evidence within a VM following is lacking. This paper presents a forensically sound way to acquire and analyze VM hard disks. A forensics tool for analyzing VM snapshots and vmdk files is developed and has been proven to be forensically sound.
Date of creation, presentation, or exhibit
7-2012
Document Type
Conference Paper
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Recommended Citation
Hirwani M., Pan Y., Stackpole W., and Johnson D. Forensic Acquisition and Analysis of VMware Virtual Hard Disks. In SAM'12 - The 2012 International Conference on Security and Management (Las Vegas, NV, USA, July 2012).
Campus
RIT – Main Campus
Comments
Presented at the 2012 International Conference on Security and Management, Las Vegas, NV, July 16-19.