With the popularity of virtualized computing continuing to grow, it is crucial that digital forensic knowledge keeps pace. This research sought to identify the forensic artifacts, and their locations, that may be recovered from a VMware Workstation virtual machine running Windows 7 x64. Several common forensic tools were used to conduct this research, namely AccessData's Forensic Toolkit (FTK), FTK Imager, and FTK Registry Viewer. This research verified the processes required to gather digital evidence from a virtual machine disk (VMDK) file, create a forensic image, and mount the evidence in these forensic tools. This research then proceeded to document recovered artifacts and their locations related to system configuration, internet usage, file creation and deletion, user administration, and more.
CITATION STYLE
Smith, C., Dietrich, G., & Choo, K. K. R. (2018). Identification of forensic artifacts in VMWare virtualized computing. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 239, pp. 85–103). Springer Verlag. https://doi.org/10.1007/978-3-319-78816-6_7