How virtual machines can be used in a forensics investigation?

How is virtualization relevant to the concept of digital forensics?

Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system.

How digital forensics were used in the investigation?

Digital forensics is the “application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence” [24]. … Host-based forensics focuses on the collection and analysis of digital evidence collected from individual computer systems to investigate computer crime.

What is special different about performing forensic analysis on virtual machines?

The main difference is that to effectively examine a virtual machine using the same tools and processes that are common to computer forensic investigations, it is best to export (image) the virtual machine into a common forensic format.

What are some of the benefits of restoring a suspect’s virtual machine?

By restoring the suspect hard drive, the examiner will be able to use the suspect’s unique software to view data created by that unique software which is considered evidence. There are also instances where specific versions of outdated software may be required to view evidence files as well.

THIS IS IMPORTANT:  What are the benefits of research in law and criminology?

How can the computer forensic investigator extend the virtual memory of a workstation?

The VMDK file is a binary file that plays a role in a virtual disk of a virtual machine and configures the virtual machine image of the VMware Workstation. It can allocate the VMDK file as much as the configuration size of a virtual machine and increase it dynamically.

What does a digital forensic investigator do?

As the name implies, forensic computer investigators and digital forensic experts reconstruct and analyze digital information to aid in investigations and solve computer-related crimes. They look into incidents of hacking, trace sources of computer attacks, and recover lost or stolen data.