Summary

In this chapter, we outlined how virtualization changes the landscape not just for IT operations, but also for the attacker and forensic specialist. Systems can be created, reshaped, and copied for good and bad reasons.

We provided examples of how to detect possibly malicious behavior or configuration in the vSphere virtualization environment. Moreover, we demonstrated how virtualization can be beneficial in getting untampered RAM dumps from the systems that are to be analyzed. In the next chapter, you will see examples of how to analyze these RAM dumps.

With this knowledge, you are now prepared to analyze and utilize virtual environments in your forensic analyses.
