Chapter 12. Digital Forensics and Data Recovery

Digital forensics is an increasingly important field for the IT security specialist. The goal of digital forensics is to determine who did what, when, where, and how. This is a difficult task at the best of times, but with the advent of virtualization it is nearly impossible. It requires extremes in patience and diligence. A digital forensics practitioner is part engineer, part scientist, and part magician. Often what they discover is used within the court of law as additional evidence to try to prove the case, one way or another.

Virtualization adds a huge level of complexity to an already complex field. Four basic steps to digital forensics are of interest to the security specialist of any organization. ...

Get VMware vSphere™ and Virtual Infrastructure Security: Securing the Virtual Environment now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.