Forensic Analysis of Virtual Hard Drives

Files in This Item:
File: insight_publication.pdf; Size: 119.6 kB; Format: Adobe PDF
Title: Forensic Analysis of Virtual Hard Drives
Authors: Tobin, Patrick; Le-Khac, Nhien-An; Kechadi, Tahar
Permanent link:
Date: 31-Mar-2017
Online since: 2019-03-22T08:57:32Z
Abstract: The issue of the volatility of virtual machines is perhaps the most pressing concern in any digital investigation involving a virtual machine. Current digital forensics tools do not fully address the complexities of data recovery that are posed by virtual hard drives. It is necessary, for this reason, to explore ways to capture evidence, other than those using current digital forensic methods. Data recovery should be done in the most efficient and secure manner, as quickly, and in as non-intrusive a way as can be achieved. All data in a virtual machine is disposed of when that virtual machine is destroyed; it may not therefore be possible to extract and preserve evidence such as incriminating images prior to destruction. Recovering that evidence, or finding some way of associating that evidence with the virtual machine before destruction of that virtual machine, is therefore crucial. In this paper we present a method for extracting evidence from a virtual hard disk drive in a quick, secure and verifiable manner, with a minimum impact on the drive, thus preserving its integrity for further analysis.
Funding Details: Science Foundation Ireland
Type of material: Journal Article
Publisher: The Association of Digital Forensics, Security and Law
Journal: Journal of Digital Forensics, Security and Law
Volume: 12
Issue: 1
Start page: 46
End page: 58
Keywords: Virtual machine; Digital forensics; Virtual machine forensics; Data recovery; Preserving evidence; Virtual hard drive
DOI: 10.15394/jdfsl.2017.1438
Other versions:
Language: en
Status of Item: Peer reviewed
This item is made available under a Creative Commons License:
Appears in Collections: Insight Research Collection
