A Lightweight Software Write-blocker for Virtual Machine Forensics

Files in This Item:
 File SizeFormat
Downloadinsight_publication.pdf280.66 kBAdobe PDF
Title: A Lightweight Software Write-blocker for Virtual Machine Forensics
Authors: Tobin, PatrickLe-Khac, Nhien-AnKechadi, Tahar
Permanent link: http://hdl.handle.net/10197/8150
Date: 26-Aug-2016
Online since: 2016-11-25T13:02:13Z
Abstract: The integrity of any original evidence is fundamental to a forensic examination. Preserving the integrity of digital evidence is vitally important as changing just one bit among perhaps gigabits of data, will irrevocably alter that data and cast doubt on any evidence extracted. In traditional digital forensics write-blockers are used to preserve the integrity of that evidence and prevent changes from occurring, but virtual machine forensics presents more difficult challenges to address. Access to the digital storage device will probably not be possible, typically the only accessible storage will be a virtual hard disk drive. This will have the same integrity issues as those of a real device, but with the added complication that it is not possible to use a hardware write-blocker to prevent changes to those data. For this reason it is important to explore how to implement write-blocking mechanisms on a virtual device. In this paper we present an implementation of a software write-blocker and show how we can use it to be compliant with the 2nd ACPO principle on digital evidence.
Type of material: Conference Publication
Publisher: IEEE
Keywords: Machine learningStatisticsDigital forensicsDigital evidenceWrite blockerVirtual machine
DOI: 10.1109/INTECH.2016.7845141
Language: en
Status of Item: Peer reviewed
Is part of: 2016 Sixth International Conference on Innovative Computing Technology (INTECH)
Conference Details: The Sixth International Conference on Innovative Computing Technology (INTECH 2016), Irish Computer Society, Dublin, Ireland, 24-26 August 2016
This item is made available under a Creative Commons License: https://creativecommons.org/licenses/by-nc-nd/3.0/ie/
Appears in Collections:Computer Science Research Collection
Insight Research Collection

Show full item record

Citations 50

Last Week
Last month
checked on Sep 12, 2020

Page view(s) 50

Last Week
Last month
checked on Jan 27, 2022

Download(s) 50

checked on Jan 27, 2022

Google ScholarTM



If you are a publisher or author and have copyright concerns for any item, please email research.repository@ucd.ie and the item will be withdrawn immediately. The author or person responsible for depositing the article will be contacted within one business day.