Virtualization and Forensics

Virtualization and Forensics, 1st Edition

A Digital Forensic Investigator’s Guide to Virtual Environments

Virtualization and Forensics, 1st Edition,ISBN9781597495578





235 X 191

A digital forensic investigator’s guide to virtual environments.

Print Book + eBook

USD 73.74
USD 122.90

Buy both together and save 40%

Print Book


In Stock

Estimated Delivery Time
USD 62.95

eBook Overview

VST (VitalSource Bookshelf) format

DRM-free included formats : EPUB, Mobi (for Kindle), PDF

USD 59.95
Add to Cart

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology


Virtualization and Forensics: A Digital Forensic Investigators Guide to Virtual Environments provides an introduction to virtualized environments and their implications on forensic investigations. It emphasizes the need for organizations using virtualization to be proactive rather than reactive. Being proactive means learning the methods in this book to train staff, so when an incident occurs, they can quickly perform the forensics and minimize the damage to their systems. The book is organized into three parts. Part I deals with the virtualization process and the different types of virtualized environments. It explains how virtualization happens along with the various methods of virtualization, hypervisors, and the main categories of virtualization. It discusses server virtualization, desktop virtualization, and the various portable virtualization programs, emulators, and appliances. Part II details how virtualization interacts with the basic forensic process. It describes the methods used to find virtualization artifacts in dead and live environments, and identifies the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization.


Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Virtualization and Forensics, 1st Edition



About the Authors

Part 1 Virtualization

    Chapter 1 How Virtualization Happens

         Physical Machines

         How Virtualization Works


         Main Categories of Virtualization

         Benefits of Virtualization

         Cost of Virtualization




    Chapter 2 Server Virtualization

         What Is Server Virtualization?

         Differences between Desktop and Server Virtualization

         Common Virtual Servers




    Chapter 3 Desktop Virtualization

         What Is Desktop Virtualization?

         Common Virtual Desktops

         Virtual Appliances and Forensics

         Virtual Desktops as a Forensic Platform



    Chapter 4 Portable Virtualization, Emulators, and Appliances



         Preconfigured Virtual Environments

         Virtual Appliance Providers

         JumpBox Virtual Appliances


         Virtualization Hardware Devices

         Virtual Privacy Machine

         Virtual Emulators

         Future Development




Part 2 Forensics

    Chapter 5 Investigating Dead Virtual Environments

         Install Files



         Microsoft Disk Image Formats

         Data to Look for

         Investigator Tips




    Chapter 6 Investigating Live Virtual Environments

         The Fundamentals of Investigating Live Virtual Environments


         Processes and Ports

          Log Files

         VM Memory Usage

         Memory Analysis 121

         ESXi Analysis

         Microsoft Analysis Tools

         Moving Forward




    Chapter 7 Finding and Imaging Virtual Environments

         Detecting Rogue Virtual Machines

         Is It Real or Is It Memorex?

         Imaging Virtual Machines



         Identification and Conversion Tools

         Environment to Environment Conversion




Part 3 Advanced Virtualization

    Chapter 8 Virtual Environments and Compliance



         Organizational Chain of Custody

         Data Retention Policies




    Chapter 9 Virtualization Challenges

         Data Centers

         Security Considerations

         Malware and Virtualization

         Red Pill, Blue Pill, No Pill

         Additional Challenges

         Virtualization Drawbacks




    Chapter 10 Cloud Computing and the Forensic Challenges

         What Is Cloud Computing?

         Cloud Computing Services

         Streaming Operating Systems

         Application Streaming

         Virtual Applications

         Cloud Computing, Virtualization, and Security

         Cloud Computing and Forensics



    Chapter 11 Visions of the Future: Virtualization and Cloud Computing

         Future of Virtualization

         The Evolving Cloud

         Autonomic Computing



Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations



Free Shipping
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy

Contact Us