Abstract
Computer virtualization is not new; however, it has become increasingly important because of the many advantages it offers businesses and individuals to reduce costs. A company can reduce maintenance, hardware, and energy costs by running virtualized servers on a single physical machine. Although virtualization offers these advantages, it introduces new challenges to current computer forensic techniques as well as computer system defense tools. As this technology continues to be adopted by more and more companies every year, malware and hacker attacks are potentially going to affect virtualized systems as they have been affecting physical systems in the past. Therefore, the increasing growth of virtualization has created the need for a new generation of computer system defenses as well as computer forensic techniques to effectively defend these systems before or after they have been attacked. Because of the nature of how virtualization operates, new techniques to interact with these systems have become available. These techniques allow us to increase the effectiveness of current forensic and system defense tools to create new tools to defend or analyze virtualized systems. Virtual Machine Introspection (VMI) is one of these techniques that have formed the basis of a number of novel approaches in the field of Digital Forensics and Cybersecurity. In this paper, we present what VMI has offered to Digital Forensics and the new challenges it brings. Likewise, we discuss why traditional Digital Forensic techniques are not reliable to analyze virtual machines once they have been attacked.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call