The Implications of Virtual Machine Introspection for Digital Forensics on Nonquiescent Virtual Machines

Abstract

The use of virtualized servers is on the rise, this results in a need for better forensic analysis capabilities for these virtualized environments. One of the answers to that has been the development of virtual machine introspection tools. Virtual machine introspection is a relatively new technique that has some important implications for digital forensics. Since it is performed outside of the virtual machine, it can help to alleviate the observer effect that is often encountered when performing a live analysis. This thesis tests how these tools can work in a nonquiescent environment and shows that the tools tested are able to produce reliable results

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2011
Accession Number
ADA547905

Entities

People

  • Nathan W. Hirst

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computational Forensics
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Data Centers
  • Detection
  • Digital Information
  • Graphical User Interface
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Mainframe Computers
  • Observers
  • Operating Systems
  • Quantum Mechanics
  • Virtual Machines

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Distributed Systems and Data Platform Development
  • Theoretical Analysis.