Virtualization creates new and difficult challenges for forensic investigations. Operating systems and applications running in virtualized environments often leave few traces, yielding little evidence with which to conduct an investigation.
Virtualization and Forensics offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. After reading this book, you'll be equipped to conduct investigations in these environments with confidence.
Gives you the end-to-end knowledge needed to identify server, desktop, and portable virtual environments, including: VMware, Parallels, Microsoft, and Sun
Covers technological advances in virtualization tools, methods, and issues in digital forensic investigations
Explores trends and emerging technologies surrounding virtualization technology
Windows Forensics: The Field Guide for Corporate Computer Investigations
The evidence is in--to solve Windows crime, you need Windows tools
An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.
The Official CHFI Study Guide (Exam 312-49)
This is the only official, EC-Council-endorsed CHFI (Computer Hacking Forensics Investigator) study guide. It was written for security professionals, systems administrators, IT consultants, legal professionals, IT managers, police and law enforcement personnel studying for the CHFI certification, and professionals needing the skills to identify an...
Windows Sysinternals Administrator's Reference
The Sysinternals Suite is a set of over 70 advanced diagnostic and troubleshooting utilities for the Microsoft Windows platform written by me—Mark Russinovich—and Bryce Cogswell. Since Microsoft’s acquisition of Sysinternals in 2006, these utilities have been available for free download from...