A Taxonomy of Hypervisor Forensic Tools - Advances in Digital Forensics XVI
Conference paper, year: 2020

A Taxonomy of Hypervisor Forensic Tools

Abstract

Cloud computing models are deployed on a compute server whose hardware resources are virtualized to enable multiple virtual machines to run on a single physical system. Several types of virtualization, such as bare metal and hosted virtualization, are available, along with virtualization modes such as full, paravirtualized, hardware-assisted and paravirtualized-hardware-assisted virtualization. Virtual machines are inaccessible from each other when the physical server hardware is abstracted in the full virtualization mode. Physical resources such as hard disk drives and server memory are exposed in a virtualized environment as virtual hard disks, vCPUs and guest operating system state. Hypervisor operations generate copious amounts of data that are of value in forensic investigations of virtualized cloud environments. This chapter presents a taxonomy of hypervisor forensic tools, which provides a searchable catalog for forensic practitioners to identify specific tools that fulfill their technical requirements. A case study involving a KVM hypervisor demonstrates the evidence that can be found in a virtual machine at the virtual machine manager and host system layers.
Main file: 503209_1_En_10_Chapter.pdf (211.43 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03657231, version 1 (02-05-2022)

Cite

Anand Kumar Mishra, Mahesh Govil, Emmanuel Pilli. A Taxonomy of Hypervisor Forensic Tools. 16th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2020, New Delhi, India. pp.181-199, ⟨10.1007/978-3-030-56223-6_10⟩. ⟨hal-03657231⟩