A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

Sungsu Lim; Byeongyeong Yoo; Jungheum Park; Keun Duck Byun; Sangjin Lee

doi:10.1016/j.mcm.2011.02.011

A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

Sungsu Lim, Byeongyeong Yoo, Jungheum Park, Keun Duck Byun, Sangjin Lee

Research output: Contribution to journal › Article › peer-review

9 Citations (Scopus)

Abstract

Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user's activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.

Original language	English
Pages (from-to)	151-160
Number of pages	10
Journal	Mathematical and Computer Modelling
Volume	55
Issue number	1-2
DOIs	https://doi.org/10.1016/j.mcm.2011.02.011
Publication status	Published - 2012 Jan

Keywords

Digital forensics
VMware
Virtual machine
Virtualization

ASJC Scopus subject areas

Modelling and Simulation
Computer Science Applications

Access to Document

10.1016/j.mcm.2011.02.011

Cite this

@article{afa3c3596420432fb87bc33cdbe6d1e4,

title = "A research on the investigation method of digital forensics for a VMware Workstation's virtual machine",

abstract = "Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user's activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.",

keywords = "Digital forensics, VMware, Virtual machine, Virtualization",

author = "Sungsu Lim and Byeongyeong Yoo and Jungheum Park and Byun, {Keun Duck} and Sangjin Lee",

note = "Funding Information: This work was supported by the IT R&D program of MKE/KEIT ( 10035157 , Development of Digital Forensic Technologies for Real-Time Analysis).",

year = "2012",

month = jan,

doi = "10.1016/j.mcm.2011.02.011",

language = "English",

volume = "55",

pages = "151--160",

journal = "Mathematical and Computer Modelling",

issn = "0895-7177",

publisher = "Elsevier Limited",

number = "1-2",

}

TY - JOUR

T1 - A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

AU - Lim, Sungsu

AU - Yoo, Byeongyeong

AU - Park, Jungheum

AU - Byun, Keun Duck

AU - Lee, Sangjin

N1 - Funding Information: This work was supported by the IT R&D program of MKE/KEIT ( 10035157 , Development of Digital Forensic Technologies for Real-Time Analysis).

PY - 2012/1

Y1 - 2012/1

N2 - Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user's activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.

AB - Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user's activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.

KW - Digital forensics

KW - VMware

KW - Virtual machine

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=82755194854&partnerID=8YFLogxK

U2 - 10.1016/j.mcm.2011.02.011

DO - 10.1016/j.mcm.2011.02.011

M3 - Article

AN - SCOPUS:82755194854

SN - 0895-7177

VL - 55

SP - 151

EP - 160

JO - Mathematical and Computer Modelling

JF - Mathematical and Computer Modelling

IS - 1-2

ER -

A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this