
Virtualization and Forensics, 1st Edition

A Digital Forensic Investigator’s Guide to Virtual Environments

 
Diane Barrett & Greg Kipper

Syngress

9781597495578

9781597495585

272

235 X 191

 
 

Key Features

  • Named a 2011 Best Digital Forensics Book by InfoSec Reviews
  • Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
  • Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
  • Explores trends and emerging technologies surrounding virtualization technology

Description

Virtualized environments are growing faster than predicted: according to O’Reilly’s computer book market report, virtualization is the second-largest computer book topic in terms of sales for 2008, with growth of 63%. As more companies adopt virtual servers and environments, the ability to handle forensic data in them will be a necessity. This book gives forensic investigators end-to-end knowledge of examinations in server, desktop, and portable environments, including the leaders in the market: VMware, Microsoft, and Citrix.

Readership

Forensic Investigators (corporate and law enforcement) and Incident Response Professionals.

Diane Barrett

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for the Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes.

Affiliations and Expertise

CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Greg Kipper

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."


Virtualization and Forensics, 1st Edition

PART 1 VIRTUALIZATION

Chapter 1 How Virtualization Happens
Physical Machines
How Virtualization Works
Virtualizing Operating Systems
Virtualizing Hardware Platforms
Server Virtualization
Hypervisors
Bare-Metal Hypervisor (Type 1)
Embedded Hypervisor
Hosted Hypervisor (Type 2)
Main Categories of Virtualization
Full Virtualization
Paravirtualization
Hardware-Assisted Virtualization
Operating System Virtualization
Application Server Virtualization
Application Virtualization
Network Virtualization
Storage Virtualization
Service Virtualization
Benefits of Virtualization
Cost of Virtualization

Chapter 2 Server Virtualization
What Is Server Virtualization?
The Purpose of Server Virtualization
Server Virtualization: The Bigger Picture
Differences between Desktop and Server Virtualization
Common Virtual Servers
VMware Server
Microsoft Virtual Server
Citrix XenServer
Oracle VM

Chapter 3 Desktop Virtualization
What Is Desktop Virtualization?
Why Is It Useful?
Common Virtual Desktops
VMware
VMware Fusion
Microsoft Virtual PC
Parallels
Sun VirtualBox
Xen
Virtual Appliances and Forensics
Penguin Sleuth Kit
The Revealer Toolkit
Intelica IP Inspect Virtual Appliance
Helix 2008R1
CAINE 0.3
Virtual Desktops as a Forensic Platform

Chapter 4 Portable Virtualization, Emulators, and Appliances
MojoPac
MokaFive
Preconfigured Virtual Environments
VMware
Microsoft
Parallels
Xen
Virtual Appliance Providers
JumpBox Virtual Appliances
VirtualBox
Virtualization Hardware Devices
Virtual Privacy Machine
Virtual Emulators
Bochs
DOSBox
Future Development

PART 2 FORENSICS

Chapter 5 Investigating Dead Virtual Environments
Install Files
VMware Server
VMware Workstation
Microsoft Virtual PC – Microsoft Virtual PC 2007
MojoPac
MokaFive
Virtual Privacy Machine
Bochs
DOSBox
Remnants
MojoPac
MokaFive
Virtual Privacy Machine
VMware
Microsoft
Citrix Xen
Bochs
DOSBox
Virtual Appliances
Registry
MojoPac
MokaFive
Bochs
DOSBox
VMware and Microsoft
Microsoft Disk Image Formats
Data to Look for
Investigator Tips

Chapter 6 Investigating Live Virtual Environments
The Fundamentals of Investigating Live Virtual Environments
Best Practices
Virtual Environments
Artifacts
Processes and Ports
Virtual Environment File Ports and Processes
VMware and Tomcat
IronKey and Tor
SPICE
Log Files
VM Memory Usage
Memory Management
Memory Analysis
ESXi Analysis
Microsoft Analysis Tools
Moving Forward
Trace Collection for a Virtual Machine
Separate Swap Files Corresponding to Different Virtual Machines in a Host Computer System
Profile Based Creation of Virtual Machines in a Virtualization Environment
System and Methods for Enforcing Software License Compliance with Virtual Machines
System and Method for Improving Memory Locality of Virtual Machines
Mechanism for Providing Virtual Machines for Use by Multiple Users

Chapter 7 Finding and Imaging Virtual Environments
Detecting Rogue Virtual Machines
Alternate Data Streams and Rogue Virtual Machines
Is It Real or Is It Memorex?
Virtual Machine Traces
Imaging Virtual Machines
Snapshots
Snapshot Files
VMotion
Identification and Conversion Tools
Live View
WinImage
Virtual Forensic Computing
Environment to Environment Conversion
VM File Format Conversions

PART 3 ADVANCED VIRTUALIZATION

Chapter 8 Virtual Environments and Compliance
Standards
Compliance
Regulatory Requirements
Discoverability of Virtual Environment
Legal and Protocol Document Language
Organizational Chain of Custody
Acquisition
VM Snapshots versus Full Machine Imaging
Mounting Virtual Machines
Data Retention Policies
Virtual Machine Sprawl
The Dynamic Movement of VMs
Backup and Data Recovery

Chapter 9 Virtualization Challenges
Data Centers
Storage Area Networks, Direct Attached Storage, and Network Attached Storage
Cluster File Systems
Analysis of Cluster File Systems
Security Considerations
Technical Guidance
VM Threats
Hypervisors
Virtual Appliances
The VM
Networking
Malware and Virtualization
Detection
Red Pill, Blue Pill, No Pill
Blue Pill
Red Pill and No Pill
Other Rootkits
Other Methods of Finding VMs
Additional Challenges
Encryption
Solid-State Drives
New File Systems and Disk Types
Compression and Data Deduplication
Virtualization Drawbacks

Chapter 10 Cloud Computing and the Forensic Challenges
What Is Cloud Computing?
Multitenancy
Cloud Computing Services
Infrastructure-as-a-Service
Platform-as-a-Service
Desktops-as-a-Service
Software-as-a-Service
Other Cloud Computing Services
Streaming Operating Systems
Application Streaming
Virtual Applications
Benefits and Limitations of Virtual Applications
Cloud Computing, Virtualization, and Security
Cloud Computing and Forensics
Conducting a Forensic Investigation on a Cloud Environment
Incident Response
Conducting a Forensic Investigation in a Cloud Environment

Chapter 11 Visions of the Future: Virtualization and Cloud Computing
Future of Virtualization
Hardware Hypervisors
Virtual Machines Will Be Used for Antiforensics
Mobiles and Virtualization
VMware Mobile Virtualization Platform
The Evolving Cloud
Trends in Cloud Computing
More Robust Legal Procedures Will Be Developed
Data-Flow Tools Will Evolve
The Home Entrepreneur
The iPad, Tablet, and Slate
Autonomic Computing

Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations

 
 