Virtual Machine for Computer Forensics – the Open Source Perspective

Conference paper

Abstract

In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. We argue that commercial closed source computer forensics software has certain limitations, and we propose a method which may lead to a gradual shift to open source software (OSS). A brief overview of virtual environments and open source software tools is presented and discussed. Further, we identify current limitations of virtual environments, leading to the conclusion that the method is very promising, but at this point in time it cannot replace conventional techniques of computer forensics analysis. We demonstrate that using Virtual Machines (VM) in Linux environments can complement the conventional techniques, and can often bring faster and verifiable results that do not depend on proprietary, closed source tools.

Key words

Computer Forensics, Virtual Machine, open source

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Computer Forensis Consulting, Warrimoo, Australia
