Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers

Research Article

Investigating the Implications of Virtualization for Digital Forensics

Download
449 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-23602-0_10,
        author={Zheng Song and Bo Jin and Yinghong Zhu and Yongqing Sun},
        title={Investigating the Implications of Virtualization for Digital Forensics},
        proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers},
        proceedings_a={E-FORENSICS},
        year={2012},
        month={10},
        keywords={Digital Forensics Virtualization Forensic Image Booting Virtual Machine Introspection},
        doi={10.1007/978-3-642-23602-0_10}
    }
    
  • Zheng Song
    Bo Jin
    Yinghong Zhu
    Yongqing Sun
    Year: 2012
    Investigating the Implications of Virtualization for Digital Forensics
    E-FORENSICS
    Springer
    DOI: 10.1007/978-3-642-23602-0_10
Zheng Song1,*, Bo Jin2,*, Yinghong Zhu1,*, Yongqing Sun2,*
  • 1: Shanghai Jiao Tong University
  • 2: Ministry of Public Security, People’s Republic of China (The Third Research Institute of Ministry of Public Security)
*Contact email: songzheng@sjtu.edu.cn, jinbo@stars.org.cn, zhuyinghong@sjtu.edu.cn, yongqing.sun@gmail.com

Abstract

Research in virtualization technology has gained significant momentum in recent years, which brings not only opportunities to the forensic community, but challenges as well. In this paper, we discuss the potential roles of virtualization in the area of digital forensics and conduct an investigation on the recent progresses which utilize the virtualization techniques to support modern computer forensics. A brief overview of virtualization is presented and discussed. Further, a summary of positive and negative influences on digital forensics that are caused by virtualization technology is provided. Tools and techniques that are potential to be common practices in digital forensics are analyzed and some experience and lessons in our practice are shared. We conclude with our reflections and an outlook.