A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

Sungsu Lim, Byeongyeong Yoo, Jungheum Park, KeunDuck Byun, Sangjin Lee

Research output: Contribution to journal (Article)

5 Citations (Scopus)

Abstract

Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded trail of a user's activity in the virtual machine is an important factor in terms of digital forensics. If the investigator finds trails of VMware Workstation on the host, he should investigate the virtual machine along with the host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of its structural characteristics. Therefore, we need a technical understanding of, and research into, investigation procedures and recovery methods for the virtual machine. In this research, we suggest a digital forensic investigation procedure and a recovery method for damaged images for VMware Workstation, which has the largest number of users.

Original language: English
Pages (from-to): 151-160
Number of pages: 10
Journal: Mathematical and Computer Modelling
Volume: 55
Issue number: 1-2
DOI: 10.1016/j.mcm.2011.02.011
Publication status: Published - 2012 Jan 1

Fingerprint

Digital Forensics
Computer workstations
Virtual Machine
Recovery
Virtualization
Coverage
Hardware

Keywords

  • Digital forensics
  • Virtual machine
  • Virtualization
  • VMware

ASJC Scopus subject areas

  • Computer Science Applications
  • Modelling and Simulation

Cite this

A research on the investigation method of digital forensics for a VMware Workstation's virtual machine. / Lim, Sungsu; Yoo, Byeongyeong; Park, Jungheum; Byun, KeunDuck; Lee, Sangjin.

In: Mathematical and Computer Modelling, Vol. 55, No. 1-2, 01.01.2012, p. 151-160.

@article{afa3c3596420432fb87bc33cdbe6d1e4,
title = "A research on the investigation method of digital forensics for a VMware Workstation's virtual machine",
keywords = "Digital forensics, Virtual machine, Virtualization, VMware",
author = "Sungsu Lim and Byeongyeong Yoo and Jungheum Park and KeunDuck Byun and Sangjin Lee",
year = "2012",
month = "1",
day = "1",
doi = "10.1016/j.mcm.2011.02.011",
language = "English",
volume = "55",
pages = "151--160",
journal = "Mathematical and Computer Modelling",
issn = "0895-7177",
publisher = "Elsevier Limited",
number = "1-2",

}

TY - JOUR

T1 - A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

AU - Lim, Sungsu

AU - Yoo, Byeongyeong

AU - Park, Jungheum

AU - Byun, KeunDuck

AU - Lee, Sangjin

PY - 2012/1/1

Y1 - 2012/1/1

KW - Digital forensics

KW - Virtual machine

KW - Virtualization

KW - VMware

UR - http://www.scopus.com/inward/record.url?scp=82755194854&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=82755194854&partnerID=8YFLogxK

U2 - 10.1016/j.mcm.2011.02.011

DO - 10.1016/j.mcm.2011.02.011

M3 - Article

AN - SCOPUS:82755194854

VL - 55

SP - 151

EP - 160

JO - Mathematical and Computer Modelling

JF - Mathematical and Computer Modelling

SN - 0895-7177

IS - 1-2

ER -