Conferences and Workshops

• LASER 2013 (papers due June 27)

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

This Quarter’s Classes

---

Office Hours for This Quarter

---

Contacting Me

---

My Personal Blog
(Last Entry May 10, 2013)

---

Current Time in Davis, CA, USA

Investigating the Implications of Virtual Machine Introspection for Digital Forensics

Citation

• K. Nance, B. Hay, and M. Bishop, “Investigating the Implications of Virtual Machine Introspection for Digital Forensicsk,” Proceedings of the 2009 International Conference on Availability, Reliability and Security pp. 1024–1029 (Mar. 2009).

Paper

• PDF
• PS

Bibliographic Information

• DOI: 10.1109/ARES.2009.173
• BibTeX
• EndNote

Abstract

Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.

Copyright Notice

©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in the Proceedings of the 2009 International Conference on Availability, Reliability and Security, Mar. 2009.

---

Last updated on Friday, May 10, 2013 at 11:21:45AM PDT