Virtualization and Forensics



Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments
Diane Barrett, Gregory Kipper
Technical Editor: Samuel Liles
Syngress, an imprint of Elsevier. Amsterdam, Boston, Heidelberg, London, New York, Oxford, Paris, San Diego, San Francisco, Singapore, Sydney, Tokyo.

CONTENTS

Acknowledgments xiii
Introduction xv
About the Authors xvii

PART 1 VIRTUALIZATION 1

Chapter 1 How Virtualization Happens 3
  Physical Machines 5
  How Virtualization Works 5
    Virtualizing Operating Systems 7
    Virtualizing Hardware Platforms 8
  Server Virtualization 8
  Hypervisors 10
    Bare-Metal Hypervisor (Type 1) 10
    Embedded Hypervisor 10
    Hosted Hypervisor (Type 2) 11
  Main Categories of Virtualization 12
    Full Virtualization 12
    Paravirtualization 13
    Hardware-Assisted Virtualization 14
    Operating System Virtualization 14
    Application Server Virtualization 16
    Application Virtualization 17
    Network Virtualization 18
    Storage Virtualization 18
    Service Virtualization 19
  Benefits of Virtualization 20
  Cost of Virtualization 21
  Summary 23
  References 23
  Bibliography 24

Chapter 2 Server Virtualization 25
  What Is Server Virtualization? 25
  The Purpose of Server Virtualization 26
  Server Virtualization: The Bigger Picture 27
  Differences between Desktop and Server Virtualization 29
  Common Virtual Servers 30
    VMware Server 30
    Microsoft Virtual Server 32
    Citrix XenServer 33
    Oracle VM 33
  Summary 35
  References 35
  Bibliography 35

Chapter 3 Desktop Virtualization 37
  What Is Desktop Virtualization? 37
  Why Is It Useful? 38
  Common Virtual Desktops 39
    VMware 39
    VMware Fusion 40
    Microsoft Virtual PC 42
    Parallels 44
    Sun VirtualBox 47
    Xen 48
  Virtual Appliances and Forensics 50
    Penguin Sleuth Kit 50
    The Revealer Toolkit 51
    Intelica IP Inspect Virtual Appliance 51
    Helix 2008R1 51
    CAINE 0.3 52
  Virtual Desktops as a Forensic Platform 53
  Summary 54
  Bibliography 54

Chapter 4 Portable Virtualization, Emulators, and Appliances 57
  MojoPac 58
  MokaFive 62
  Preconfigured Virtual Environments 66
    VMware 66
    Microsoft 67
    Parallels 69
    Xen 70
  Virtual Appliance Providers 71
    JumpBox Virtual Appliances 71
    VirtualBox 72
  Virtualization Hardware Devices 72
    Virtual Privacy Machine 74
  Virtual Emulators 75
    Bochs 75
    DOSBox 76
  Future Development 78
  Summary 78
  References 78
  Bibliography 78

PART 2 FORENSICS 81

Chapter 5 Investigating Dead Virtual Environments 83
  Install Files 85
    VMware Server 85
    VMware Workstation 86
    Microsoft Virtual PC - Microsoft Virtual PC 2007 86
    MojoPac 86
    MokaFive 88
    Virtual Privacy Machine 90
    Bochs 90
    DOSBox 92
  Remnants 92
    MojoPac 94
    MokaFive 95
    Virtual Privacy Machine 96
    VMware 97
    Microsoft 97
    Citrix Xen 98
    Bochs 99
    DOSBox 99
    Virtual Appliances 99
  Registry 100
    MojoPac 100
    MokaFive 100
    Bochs 101
    DOSBox 101
    VMware and Microsoft 101
  Microsoft Disk Image Formats 102
  Data to Look for 104
  Investigator Tips 106
  Summary 106
  References 107
  Bibliography 107

Chapter 6 Investigating Live Virtual Environments 109
  The Fundamentals of Investigating Live Virtual Environments 110
  Best Practices 111
  Virtual Environments 111
  Artifacts 113
  Processes and Ports 114
    Virtual Environment File Ports and Processes 114
    VMware and Tomcat 116
    IronKey and Tor 116
    SPICE 118
  Log Files 118
  VM Memory Usage 119
    Memory Management 120
    Memory Analysis 121
    ESXi Analysis 123
    Microsoft Analysis Tools 124
  Moving Forward 125
    Trace Collection for a Virtual Machine 126
    Separate Swap Files Corresponding to Different Virtual Machines in a Host Computer System 126
    Profile Based Creation of Virtual Machines in a Virtualization Environment 126
    System and Methods for Enforcing Software License Compliance with Virtual Machines 126
    System and Method for Improving Memory Locality of Virtual Machines 127
    Mechanism for Providing Virtual Machines for Use by Multiple Users 127
  Summary 127
  References 128
  Bibliography 128

Chapter 7 Finding and Imaging Virtual Environments 129
  Detecting Rogue Virtual Machines 129
    Alternate Data Streams and Rogue Virtual Machines 132
  Is It Real or Is It Memorex? 136
    Virtual Machine Traces 138
  Imaging Virtual Machines 143
  Snapshots 146
    Snapshot Files 146
  VMotion 147
  Identification and Conversion Tools 147
    Live View 148
    WinImage 149
    Virtual Forensic Computing 149
    Environment to Environment Conversion 149
    VM File Format Conversions 150
  Summary 150
  References 151
  Bibliography 151

PART 3 ADVANCED VIRTUALIZATION 153

Chapter 8 Virtual Environments and Compliance 155
  Standards 155
  Compliance 156
  Regulatory Requirements 158
  Discoverability of Virtual Environment 161
  Legal and Protocol Document Language 162
  Organizational Chain of Custody 166
  Acquisition 167
    VM Snapshots versus Full Machine Imaging 167
    Mounting Virtual Machines 168
  Data Retention Policies 168
  Virtual Machine Sprawl 169
  The Dynamic Movement of VMs 170
  Backup and Data Recovery 171
  Summary 172
  References 172
  Bibliography 173

Chapter 9 Virtualization Challenges 175
  Data Centers 175
    Storage Area Networks, Direct Attached Storage, and Network Attached Storage 176
    Cluster File Systems 177
    Analysis of Cluster File Systems 181
  Security Considerations 181
    Technical Guidance 181
    VM Threats 182
    Hypervisors 183
    Virtual Appliances 184
    The VM 184
    Networking 185
  Malware and Virtualization 185
    Detection 186
    Red Pill, Blue Pill, No Pill 186
    Blue Pill 187
    Red Pill and No Pill 187
    Other Rootkits 188
    Other Methods of Finding VMs 189
  Additional Challenges 190
    Encryption 190
    Solid-State Drives 191
    New File Systems and Disk Types 192
    Compression and Data Deduplication 192
  Virtualization Drawbacks 193
  Summary 194
  References 194
  Bibliography 195

Chapter 10 Cloud Computing and the Forensic Challenges 197
  What Is Cloud Computing? 198
    Multitenancy 199
  Cloud Computing Services 199
    Infrastructure-as-a-Service 199
    Platform-as-a-Service 200
    Desktops-as-a-Service 200
    Software-as-a-Service 201
  Other Cloud Computing Services 202
    Streaming Operating Systems 203
    Application Streaming 203
    Virtual Applications 204
    Benefits and Limitations of Virtual Applications 204
  Cloud Computing, Virtualization, and Security 205
  Cloud Computing and Forensics 206
    Conducting a Forensic Investigation on a Cloud Environment 206
    Incident Response 207
    Conducting a Forensic Investigation in a Cloud Environment 208
  Summary 209
  Bibliography 209

Chapter 11 Visions of the Future: Virtualization and Cloud Computing 211
  Future of Virtualization 211
    Hardware Hypervisors 212
    Virtual Machines Will Be Used for Antiforensics 212
    Mobiles and Virtualization 212
    VMware Mobile Virtualization Platform 213
  The Evolving Cloud 214
    Trends in Cloud Computing 214
    More Robust Legal Procedures Will Be Developed 216
    Data-Flow Tools Will Evolve 216
    The Home Entrepreneur 217
    The iPad, Tablet, and Slate 217
    Autonomic Computing 218
  Summary 219
  Bibliography 219

Appendix: Performing Physical-to-Virtual and Virtual-to-Virtual Migrations 221
Glossary 245
Index 251