The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines
Approved for public release; distribution is unlimited. === The use of virtualized servers is on the rise. This results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools....
| Main Author: | |
|---|---|
| Other Authors: | |
| Published: |
Monterey, California. Naval Postgraduate School
2012
|
| Online Access: | http://hdl.handle.net/10945/5688 |
| Summary: | Approved for public release; distribution is unlimited. === The use of virtualized servers is on the rise. This results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools. Virtual machine introspection is a relatively new technique that has some important implications for digital forensics. Since it is performed outside of the virtual machine, it can help to alleviate the observer effect that is often encountered when performing a live analysis. This thesis tests how these tools can work in a nonquiescent environment and shows that the tools tested are able to produce reliable results. |
|---|