viaForensics’ CIO, Andrew Hoog, discusses virtualization in digital forensics:
While virtualization is a key technology in the infrastructure of many enterprises, it is essential in the operation of a digital forensic organization. Virtualization can be used in a number of ways, including:
- Return analyst workstation to validated state for each investigation
- Data recovery by attaching dd image of a drive as a secondary drive on a VM and running recovery software
- Booting a dd image (similar to liveview)
- Application and system profiling/footprinting, essential to the scientific method
- Develop virtual appliances for specific functions (i.e. Android forensics appliance)
And these are just a few examples. I’m sure many of you have additional uses you can share.
Read the full article here: The 10 Minute Guide to Forensics and Virtualization (Ubuntu/VBox style) | Digital Forensics Magazine Blog.
