The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines
Approved for public release; distribution is unlimited. === The use of virtualized servers is on the rise. This results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools....
| Main Author: | |
|---|---|
| Other Authors: | |
| Published: |
Monterey, California. Naval Postgraduate School
2012
|
| Online Access: | http://hdl.handle.net/10945/5688 |
| id |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-5688 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-56882015-08-06T16:02:40Z The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines Hirst, Nathan W. Eagle, Chris Dinolt, George Naval Postgraduate School (U.S.) Computer Science Approved for public release; distribution is unlimited. The use of virtualized servers is on the rise. This results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools. Virtual machine introspection is a relatively new technique that has some important implications for digital forensics. Since it is performed outside of the virtual machine, it can help to alleviate the observer effect that is often encountered when performing a live analysis. This thesis tests how these tools can work in a nonquiescent environment and shows that the tools tested are able to produce reliable results. 2012-03-14T17:46:23Z 2012-03-14T17:46:23Z 2011-06 Thesis http://hdl.handle.net/10945/5688 743235197 This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted. Monterey, California. Naval Postgraduate School |
| collection |
NDLTD |
| sources |
NDLTD |
| description |
Approved for public release; distribution is unlimited. === The use of virtualized servers is on the rise. This results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools. Virtual machine introspection is a relatively new technique that has some important implications for digital forensics. Since it is performed outside of the virtual machine, it can help to alleviate the observer effect that is often encountered when performing a live analysis. This thesis tests how these tools can work in a nonquiescent environment and shows that the tools tested are able to produce reliable results. |
| author2 |
Eagle, Chris |
| author_facet |
Eagle, Chris Hirst, Nathan W. |
| author |
Hirst, Nathan W. |
| spellingShingle |
Hirst, Nathan W. The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| author_sort |
Hirst, Nathan W. |
| title |
The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| title_short |
The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| title_full |
The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| title_fullStr |
The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| title_full_unstemmed |
The implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| title_sort |
implications of virtual machine introspection for digital forensics on nonquiescent virtual machines |
| publisher |
Monterey, California. Naval Postgraduate School |
| publishDate |
2012 |
| url |
http://hdl.handle.net/10945/5688 |
| work_keys_str_mv |
AT hirstnathanw theimplicationsofvirtualmachineintrospectionfordigitalforensicsonnonquiescentvirtualmachines AT hirstnathanw implicationsofvirtualmachineintrospectionfordigitalforensicsonnonquiescentvirtualmachines |
| _version_ |
1716816151766368256 |