Forensic Analysis Techniques

Digital forensics is a practice that has been well documented and thoroughly discussed over the years as examiners struggle to keep up with technology that is constantly evolving. Virtualization is no different. It is being met head on using the same core forensic principles employed when analyzing a 4 GB USB storage device:

1. Identify the source of digital evidence, while taking care not to introduce additional artifacts.
2. Forensically acquire the digital evidence, exerting all effort to preserve its integrity.
3. Analyze digital evidence to locate all artifacts of probative value.
4. Report on pertinent findings.

Locating the virtual environment files is the easy part. How to acquire them forensically is ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.