Chapter Objectives
- Live acquisitions
- Using forensic tools for internal and external threats
- Conducting forensic analysis on virtual machines
PowerPoint
Reading
Chapter 10
Hands-on Project: Chapter 10
Hands-on Project 10-1
Hands-on Project 10-3
Hands-on Project 10-4
Case Project 10-3
You have acquired a forensic image of a suspect’s laptop. After doing an examination, you discover at least one VM installed, and you think more data can be found, but you aren’t sure. You decide to make a copy of the VM’s file and mount the VM as an external drive. Write the best procedure for this situation.
Topics and Required Reading
Investigating Live Virtual Environments – https://www.sciencedirect.com/topics/computer-science/forensic-acquisition
Live vs Dead Computer Forensic Image Acquisition – https://ijcsit.com/docs/Volume%208/vol8issue3/ijcsit2017080331.pdf
Required Viewing
Chapter 10 – VM – Live Acquisitions – and Network Forensics – https://www.youtube.com/watch?v=JVTv3JaRfjY
Capturing RAM from a live system – https://www.youtube.com/watch?v=hRmHm5jQIQo