Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual... at Dominant Systems Book Store

Virtualization creates new and difficult challenges for forensic investigations. Operating systems and applications running in virtualized environments often leave few traces, yielding little evidence with which to conduct an investigation.

Virtualization and Forensics offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III address advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. After reading this book, you'll be equipped to conduct investigations in these environments with confidence.

Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
Explores trends and emerging technologies surrounding virtualization technology

Customer Reviews & Comments
Customer review from the Amazon Vine™ Program (What's this?) As a virtualization professional (full disclosure: i work at VMware), i was very interested in reading this book. However i was very disappointed. When reading the section on server virtualization, i was surprised to find that the author made no mention of ESXi nor ESX in the discussion of VMware's solution - which is probably the most likely virtualization OS that a forensics professional would likely encounter. The book reads like a preliminary draft of a master thesis; basically providing a survey of some of the literature and tools available for forensics. Very little detail is given and pages are wasted with screen shots of the various virtualization platform tools and lists of files, which could have easily been provided on a DVD or via a book support website, but i assume were printed to pad the book (which is very short considering the breadth of the topic area and the number of solution discussed - ~220 pages). An obvious missing component to the book was a DVD or glossary of the websites for free tools that could be used. Much of the information in the book could be found within minutes via google. I was surprised to find no mention of Open VZ which is the basis of Parallels Virtuozzo Containers. There is no real practical or actionable information that specifically helps you with the forensic analysis of virtual environments. The book is full of question and no answers - not worth the paper.

Back To Top