
Virtualization and Forensics: A Digital Forensic Investigator's Guide to Virtual Environments Paperback – June 1, 2010

ISBN-13: 978-1597495578 ISBN-10: 1597495573 Edition: 1st




Editorial Reviews

From the Back Cover

Virtualization creates new and difficult challenges for forensic investigations. Operating systems and applications running in virtualized environments often leave few traces, yielding little evidence with which to conduct an investigation.

Virtualization and Forensics offers an in-depth view into the world of virtualized environments and the implications they have on forensic investigations. Part I explains the process of virtualization and the different types of virtualized environments. Part II details how virtualization interacts with the basic forensic process, describing the methods used to find virtualization artifacts in dead and live environments as well as identifying the virtual activities that affect the examination process. Part III addresses advanced virtualization issues, such as the challenges of virtualized environments, cloud computing, and the future of virtualization. After reading this book, you'll be equipped to conduct investigations in these environments with confidence.

About the Author

Diane Barrett has been a contract forensic examiner at ForenTech since Oct. 2006 and is Professor for Computer Forensics and Network Security programs at the University of Advancing Technology. Additionally, Diane is the Faculty Council Chair for the systems development group and teaches several short online classes for web-based learning sites such as HP and Forbes. CCNA, CISSP, ISSMP, IAM/IEM Certified Steganographer, CCE Certificate of completion.

Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics."

Product Details

  • Paperback: 272 pages
  • Publisher: Syngress; 1 edition (June 1, 2010)
  • Language: English
  • ISBN-10: 1597495573
  • ISBN-13: 978-1597495578
  • Product Dimensions: 7.5 x 0.6 x 9.2 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 3.6 out of 5 stars (20 customer reviews)
  • Amazon Best Sellers Rank: #1,653,335 in Books


Customer Reviews

As a virtualization professional (full disclosure: I work at VMware), I was very interested in reading this book.
Mike
Material covered here gives you the who, what, when, where, and thus you can find the why, in the workings of detailed tools that they know very well.
Santeria
Although the forensic analysis of virtual systems isn't as detailed as compared to a basic digital forensics book, I don't believe it should be.
Brett Shavers

Most Helpful Customer Reviews

14 of 14 people found the following review helpful By Mike on November 4, 2010
Format: Paperback Vine Customer Review of Free Product
As a virtualization professional (full disclosure: I work at VMware), I was very interested in reading this book. However I was very disappointed. When reading the section on server virtualization, I was surprised to find that the author made no mention of ESXi nor ESX in the discussion of VMware's solution - which is probably the most likely virtualization OS that a forensics professional would encounter.

The book reads like a preliminary draft of a master's thesis; basically providing a survey of some of the literature and tools available for forensics. Very little detail is given and pages are wasted with screen shots of the various virtualization platform tools and lists of files, which could have easily been provided on a DVD or via a book support website, but I assume were printed to pad the book (which is very short considering the breadth of the topic area and the number of solutions discussed - ~220 pages). An obvious missing component to the book was a DVD or glossary of the websites for free tools that could be used. Much of the information in the book could be found within minutes via Google. I was surprised to find no mention of OpenVZ which is the basis of Parallels Virtuozzo Containers.

There is no real practical or actionable information that specifically helps you with the forensic analysis of virtual environments. The book is full of questions and no answers - not worth the paper.
9 of 10 people found the following review helpful By Richard Bejtlich on July 26, 2010
Format: Paperback
"Virtualization and Forensics" (VAF) offers "a digital forensic investigator's guide to virtual environments" as its subtitle. Eric Cole's introduction says "How do we analyze the [virtual] systems forensically since standard methods no longer work? Let me introduce a key piece of research and literature, VAF." I disagree with Eric's claim: I did not find VAF to be a compelling resource for forensic investigators of virtual environments. If an author writes a book on virtual forensics, I would expect more advice on how to accomplish the task, and less description of virtual environments. Unfortunately, VAF spends most of its time talking about virtual systems and not enough time helping investigators analyze them.

The bulk of VAF either 1) describes virtual systems in generic terms or 2) discusses other people's research regarding virtual environments. One of the few original sections appears in chapter 5, where the authors list artifacts from installation of virtualization software on Windows computers. Besides that chapter, the authors don't directly show how to do much of anything in the way of investigation. For example, on pp 123-4, why don't the authors demonstrate how to acquire memory from a system running ESXi, instead of providing a few sentences? I got the impression that the authors conducted some thought experiments regarding investigating virtual environments, but didn't really have experience in production.

On the quality side, I found some of the screen captures to be way too small. In other cases, I wondered what I was supposed to learn from them. Elsewhere, I wondered about the logic of taking screen captures of netstat output. Why not redirect the output to a file and print that in the text, and better yet, explain what it is supposed to mean?
2 of 3 people found the following review helpful By Christopher Powell VINE VOICE on January 16, 2011
Format: Paperback Vine Customer Review of Free Product
I'm a VCP (VMware certified professional) and a Microsoft Engineer (MCSE/MCITP) and was looking for a more in-depth approach to forensics as it is approached. While the book was nicely laid out for instruction on the basics of virtualization and the structures and impacts of design, it offered little in practical execution of forensics in these environments. As another reviewer stated, it's more of a primer to get a forensics investigator to ask questions, while providing very little in the directions for answers.

I would recommend this book to information security folks who have not yet ventured into the virtual environments sector as very informational on entering the topic. The screen shots are newbie friendly to help add context to those who are not experienced with these environments. For those of us who have worked such environments for years, they are filler and provide little value.

For anyone looking to enhance their forensic toolkits, you will have to look elsewhere, this is an introduction.
1 of 2 people found the following review helpful By D. Baer VINE VOICE on September 22, 2010
Format: Paperback Vine Customer Review of Free Product
I am not a forensics expert and have never been involved with digital forensics aside from providing someone access to an unaltered machine for capture. I found the forensics information in this book to be very interesting, informative, and strong.

I am deeply involved with datacenter virtualization technologies and feel that the virtualization information presented here is very rudimentary. This may be a good primer for those investigators not familiar with the different technologies available today for hiding activities at the desktop level.

I think there is some confusion about the different VMware technologies in particular (ESXi has no 'service console' unless someone has activated it manually). Some inaccurate information just gave me an uneasy feeling about this book. For example, the OVF format is attributed to the DMTF, but this standard was actually a joint proposal TO the DMTF by Dell, HP, IBM, Microsoft, VMware and XenSource back in September of 2007. Not a big deal, but arguably inaccurate. In addition, there is a statement in the book that compromising one of the guest OSes within a VM automatically buys the attacker all of the other VMs on the same host. Compromising the *host* OS will generally give access to the VMs, but the isolation property of virtualization prevents interaction between VMs on the same host. Even compromising a VM on a host does not necessarily grant access to the host OS.

All complaints aside, I learned about some client-side virtual environments that I had never considered previously, so I can't say that this book has no value from the virtualization perspective.