Discovering digital evidence from virtual machines: An exploratory study

Sean Christopher Leshney, Purdue University

Abstract

This study explored digital evidence artifacts from a virtual machine that were discovered on a host physical system. To date, digital forensics has focused primarily on evidence gathered from physical machines. Over the past ten years, industry has seen increased use of virtual machines to reduce operating costs and maximize the use of computer hardware. Virtual machines provide users with an isolated and encapsulated environment that can hinder forensic examination. This research explored the possible locations of forensic data left by VMware virtual machines on the host operating system. A new methodology was developed to conduct exploratory research in digital forensics. The results showed that digital evidence was discoverable on the host file system. It was also possible to determine the user of the virtual machine. These results can be used in the development of a process and procedures to forensically examine virtual machines discovered on a physical computer system.

Degree

M.S.

Advisors

Rogers, Purdue University.

Subject Area

Computer science
