Virtualising Computer Forensics
Dr. Jianming Cai (email@example.com)
Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk)
Faculty of Computing
London Metropolitan University

Topics
• Problems with Teaching Computer Forensics
• Introduction to Virtualisation Technology
• Moving towards the Virtual Environment
• A Case Study
• Summary

Problems with Teaching Computer Forensics
• Digital evidence comes from different hardware/software platforms
• University labs are normally equipped with PCs and MS Windows OS
• Specialised Computer Forensic Labs are needed
• What kind of labs can we afford?

Introduction to Virtualisation Technology
• Virtualisation: the current trend reshaping the software technology industry
• Multiple Virtual Machines (VMs) run concurrently on a physical machine
• Supported by powerful processors and very large storage
• VMware – the leading software, 100% Fortune companies deployed its software

Moving towards the Virtual Environment
• The desktop VMware installed on each PC
• Both virtual Windows XP and virtual Linux then installed on top of this VMware layer
• Students have admin access to each virtual machine
• Both Windows-based and Linux-based Computer Forensics toolkits are running concurrently

A Case Study
• A network incident investigation
• Evidence collected from Linux OS
• Not intended to show Network Forensics techniques
• Rather to demonstrate the viability of Forensic Analysis based on VMs

Summary
• Teaching Computer Forensics is not only demanding but also expensive.
• The Virtual Environment is one of the low-cost and efficient solutions.
• Its full benefit is being exploited as the Virtualisation Technology advances.
• Are we prepared for the Virtualisation era?