TY - CONF
JO - Availability, Reliability and Security, 2009. ARES '09. International Conference on
TI - Investigating the Implications of Virtual Machine Introspection for Digital Forensics
T2 - Availability, Reliability and Security, 2009. ARES '09. International Conference on
IS -
SN -
VO -
SP - 1024
EP - 1029
AU - Nance, K.
AU - Hay, B.
AU - Bishop, M.
Y1 - 16-19 March 2009
PY - 2009
KW - forensic science
KW - virtual machines
KW - computer forensics
KW - digital forensics
KW - information analysis
KW - nonquiescent virtual machines
KW - virtual machine introspection detection
VL -
JA - Availability, Reliability and Security, 2009. ARES '09. International Conference on
DOI - 10.1109/ARES.2009.173
AB - Researchers and practitioners in computer forensics currently must base their analysis on information that is either incomplete or produced by tools that may themselves be compromised as a result of the intrusion. Complicating these issues are the techniques employed by the investigators themselves. If the system is quiescent when examined, most of the information in memory has been lost. If the system is active, the kernel and programs used by the forensic investigators are likely to influence the results and as such are themselves suspect. Using virtual machines and a technique called virtual machine introspection can help overcome these limits, but it introduces its own research challenges. Recent developments in virtual machine introspection have led to the identification of four initial priority research areas in virtual machine introspection including virtual machine introspection tool development, applications of virtual machine introspection to non-quiescent virtual machines, virtual machine introspection covert operations, and virtual machine introspection detection.
ER -