
VMI-PL: A monitoring language for virtual platforms using virtual machine introspection

  • With the growth of virtualization and cloud computing, more and more forensic investigations rely on being able to perform live forensics on a virtual machine using virtual machine introspection (VMI). Inspecting a virtual machine through its hypervisor enables investigation without risking contamination of the evidence, crashing the computer, etc. To make these techniques more accessible to the investigator/researcher we have developed a new VMI monitoring language. This language is based on a review of the most commonly used VMI techniques to date, and it enables the user to monitor the virtual machine's memory, events and data streams. A prototype implementation of our monitoring system was implemented in KVM, though implementation on any hypervisor that uses the common x86 virtualization hardware assistance support should be straightforward. Our prototype outperforms the proprietary VMWare VProbes in many cases, with a maximum performance loss of 18% for a realistic test case, which we consider acceptable. Our implementation is freely available under a liberal software distribution license. (C) 2014 Digital Forensics Research Workshop. Published by Elsevier Ltd. All rights reserved.

Metadata
Author details: Florian Westphal, Stefan Axelsson, Christian Neuhaus, Andreas Polze
DOI: https://doi.org/10.1016/j.diin.2014.05.016
ISSN: 1742-2876
ISSN: 1873-202X
Title of the parent work (English): Digital Investigation : the international journal of digital forensics & incident response
Publisher: Elsevier
Place of publication: Oxford
Publication type: Scientific article
Language: English
Year of first publication: 2014
Year of publication: 2014
Release date: 27.03.2017
Free keyword / tag: Classification; Introspection; Live forensics; Monitoring language; Security; Virtualization
Volume: 11
Number of pages: 10
First page: S85
Last page: S94
Organisational units: Affiliated institutes / Hasso-Plattner-Institut für Digital Engineering gGmbH
Peer review: Refereed