Abstract
As virtualization becomes more prevalent in the enterprise and in personal computing, there is a great need to understand the technology as well as its ramifications for recovering digital evidence. This paper focuses on trace evidence related to the installation and execution of virtual machines (VMs) on a host machine. It provides useful information regarding the types and locations of files installed by VM applications, the processes created by running VMs and the structure and identity of VMs, ancillary files and associated artifacts
Original language | American English |
---|---|
Title of host publication | Advances in Digital Forensics V |
DOIs | |
State | Published - 2009 |
Externally published | Yes |
Keywords
- virtualization
- virtual machine
- VMware
- parallels
Disciplines
- Computer and Systems Architecture
- Forensic Science and Technology