Computer forensics: incident response essentials
Computer forensics: incident response essentials
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
System-Level Virtualization for High Performance Computing
PDP '08 Proceedings of the 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Novel Hardware Assisted Full Virtualization Technique
ICYCS '08 Proceedings of the 2008 The 9th International Conference for Young Computer Scientists
A formal model for virtual machine introspection
Proceedings of the 1st ACM workshop on Virtual machine security
DKSM: Subverting Virtual Machine Introspection for Fun and Profit
SRDS '10 Proceedings of the 2010 29th IEEE Symposium on Reliable Distributed Systems
An In-VM Measuring Framework for Increasing Virtual Machine Security in Clouds
IEEE Security and Privacy
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Evolution of digital forensics in virtualization by using virtual machine introspection
Proceedings of the 51st ACM Southeast Conference
| Hi-index | 0.00 |
Computer virtualization is not new; however, it has become increasingly important because of the many advantages it offers businesses and individuals to reduce costs. A company can reduce maintenance, hardware, and energy costs by running virtualized servers on a single physical machine. Although virtualization offers these advantages, it introduces new challenges to current computer forensic techniques as well as computer system defense tools. As this technology continues to be adopted by more and more companies every year, malware and hacker attacks are potentially going to affect virtualized systems as they have been affecting physical systems in the past. Therefore, the increasing growth of virtualization has created the need for a new generation of computer system defenses as well as computer forensic techniques to effectively defend these systems before or after they have been attacked. Because of the nature of how virtualization operates, new techniques to interact with these systems have become available. These techniques allow us to increase the effectiveness of current forensic and system defense tools to create new tools to defend or analyze virtualized systems. Virtual Machine Introspection (VMI) is one of these techniques that have formed the basis of a number of novel approaches in the field of Digital Forensics and Cybersecurity. In this paper, we present what VMI has offered to Digital Forensics and the new challenges it brings. Likewise, we discuss why traditional Digital Forensic techniques are not reliable to analyze virtual machines once they have been attacked.