Computer forensics: incident response essentials
Computer forensics: incident response essentials
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Guide to Computer Forensics and Investigations
Guide to Computer Forensics and Investigations
A formal model for virtual machine introspection
Proceedings of the 1st ACM workshop on Virtual machine security
DKSM: Subverting Virtual Machine Introspection for Fun and Profit
SRDS '10 Proceedings of the 2010 29th IEEE Symposium on Reliable Distributed Systems
An In-VM Measuring Framework for Increasing Virtual Machine Security in Clouds
IEEE Security and Privacy
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Evolution of traditional digital forensics in virtualization
Proceedings of the 50th Annual Southeast Regional Conference
Hi-index | 0.00 |
Computer virtualization is not a new technology, it has become increasingly important because of the many advantages it offers to businesses and individuals to reduce costs, while introducing new challenges to the field of digital forensics. As virtualization continues to be adopted by more and more companies every year, malware and hacker attacks are going to have an increasing effect on virtualized systems. Therefore, the increasing growth of virtualization has created the need for a new generation of computer forensic tools and techniques to analyze these compromised systems. Because of the rapid growth of virtualization, new techniques to interact with virtual systems have been developed. Some of these techniques reduce the limitations of traditional forensics tools abilities to analyze the virtual system. Virtual Machine Introspection (VMI) is one of these techniques that have formed the basis for a number of novel approaches in the fields of cyber security and digital forensics. This paper explores how VMI improves traditional digital forensics to overcome its downfalls when used to investigate virtual machines, especially during a live analysis of the machine.