Computer Forensic Analysis in a Virtual Environment
Introduction
This paper examines the virtual environment of the VMware application as used during the analysis stage of a computer forensics investigation. It shows that the environment produced by VMware differs considerably from the original computer system, and that because of this VMware is unlikely to produce court-admissible evidence. A new approach is proposed in which two environments, virtual and conventional, are used independently and concurrently. After the images are collected in a forensically sound manner, two copies are created. One copy is secured under strict chain-of-custody rules, while the other is passed to a forensics technician who works on it in a virtual machine environment that is not constrained by strict forensic procedures. All findings are recorded and passed to a more authorized individual, who verifies them according to the forensics rules. A further benefit is that the virtual machine environment makes it easier to demonstrate the findings to a non-technical audience.
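The two-copy workflow described above, as an added sketch that is not from the original paper: it hashes the acquired image, makes the sealed and working copies, and shows that only the working copy diverges once a virtual machine has written to it. The file names, directory layout and sample bytes are constructed for illustration, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-gigabyte disk images never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_copies(image, custody_dir, working_dir):
    """Create the sealed and working copies, verifying each against the source."""
    record = {"sha256": sha256_file(image)}
    for role, folder in (("sealed", custody_dir), ("working", working_dir)):
        record[role] = os.path.join(folder, os.path.basename(image))
        shutil.copyfile(image, record[role])
        if sha256_file(record[role]) != record["sha256"]:
            raise ValueError(f"{role} copy does not match the acquired image")
    os.chmod(record["sealed"], 0o400)  # sealed copy is never written again
    return record


def integrity_report(record):
    """True per copy if it still matches the hash taken at acquisition."""
    return {role: sha256_file(record[role]) == record["sha256"]
            for role in ("sealed", "working")}


def demo():
    """Run the workflow on a constructed stand-in image (not real evidence)."""
    root = tempfile.mkdtemp()
    custody, lab = os.path.join(root, "custody"), os.path.join(root, "lab")
    os.makedirs(custody)
    os.makedirs(lab)
    image = os.path.join(root, "suspect.dd")
    with open(image, "wb") as fh:
        fh.write(b"\x00" * 4096 + b"constructed sample sectors")
    record = make_copies(image, custody, lab)
    before = integrity_report(record)
    # Booting the working copy in a VM changes it (drivers, logs, registry).
    with open(record["working"], "r+b") as fh:
        fh.write(b"guest OS wrote here")
    return before, integrity_report(record)
```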
Computer Forensic Analysis in a Virtual Environment
A virtual machine is a software product that lets the user create one or more separate environments, each simulating its own set of hardware and running its own software. Ideally, every virtual machine behaves as a completely independent computer with its own hardware and its own operating system. The user can control each environment independently as required, and can interconnect the virtual computers or link them to an external physical network. Although this approach is flexible and powerful, it requires considerable additional resources, because every virtual computer uses real hardware components of the computer on which it runs. It should also be noted that virtual machine software is complex, and a number of restrictions and compromises are to be expected. Anyone who wants to use it must have a good understanding of what can and cannot be accomplished. This sort of approach is impractical for reproducing the original environment because of the many possible hardware mismatches. If the image is booted on a machine with a different hardware configuration, the operating system will detect the differences and try to install the missing drivers. Moreover, some installed software products and services might refuse to start, or the system might not boot at all. These and similar problems also exist in the virtual machine environment (Brown, 2005). A virtual machine emulates only a few basic hardware components; it is not designed to provide full support for a wide range of hardware devices. The acquired image may not be immediately bootable in a virtual machine environment, because the virtual machine requires additional files carrying information about the environment to be booted.
A recommendation has been provided by the Australian Institute of Criminology guide that ...