6 Investigating Live Virtual Environments

Information in This Chapter

  • The Fundamentals of Investigating Live Virtual Environments
  • Artifacts
  • Processes and Ports
  • Log Files
  • VM Memory Usage
  • Memory Analysis
  • ESXi Analysis
  • Microsoft Analysis Tools
  • Moving Forward

For a long time, digital forensics relied only on static or “dead” drive analysis, and in many cases it is still the main method of finding evidence. In this type of acquisition, the evidence recovered is often sparse or incomplete. As technology advances, dead drive forensics faces further challenges such as complex networking, larger drive capacity, and encryption.

With the increase in the amount of recoverable evidence, live investigations and acquisitions ...
