The Hypervisor
The hypervisor is a critical component to what makes virtualization possible. Think of it like a strict traffic cop at a busy four-way intersection with no traffic lights. He must keep the flow of cars moving efficiently at all times. Without permission from the traffic cop, cars cannot move across the intersection and onto their destination. Similarly, a virtual environment has specific requirements and cannot function without system resources. The hypervisor (or VMM) governs systems resources, simulating the Physical layer of the computer system that the operating system requires. Forensically speaking, the hypervisor won’t have any real bearing on what your analysis will entail. It is simply included here as a point of reference ...
Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
