Evolution of digital forensics in virtualization by using virtual machine introspection

  • Authors: James Poore; Juan Carlos Flores; Travis Atkison

  • Affiliations: Louisiana Tech University, Ruston, LA; Louisiana Tech University, Ruston, LA; Louisiana Tech University, Ruston, LA

  • Venue: Proceedings of the 51st ACM Southeast Conference
  • Year: 2013

Abstract

Computer virtualization is not a new technology, but it has become increasingly important because of the many advantages it offers businesses and individuals in reducing costs, while also introducing new challenges to the field of digital forensics. As virtualization continues to be adopted by more and more companies every year, malware and hacker attacks are going to have an increasing effect on virtualized systems. The growth of virtualization has therefore created the need for a new generation of computer forensic tools and techniques to analyze these compromised systems. Because of this rapid growth, new techniques for interacting with virtual systems have been developed. Some of these techniques reduce the limitations on the ability of traditional forensic tools to analyze a virtual system. Virtual Machine Introspection (VMI) is one of these techniques, and it has formed the basis for a number of novel approaches in the fields of cyber security and digital forensics. This paper explores how VMI improves traditional digital forensics and overcomes its shortcomings when used to investigate virtual machines, especially during a live analysis of the machine.