Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments by Dianne Barrett and Gregory Kipper is a book packed with information. Unlike my last Syngress book review on Digital Triage Forensics by Stephen Pearson, this book is entirely relevant to computer forensic analysts and I vaguely recommend it.
In the field of digital forensics, there are some books that you have on your shelf and hope to reread every year (File System and Forensic Analysis by Brian Carrier), and there are books you keep for reference. Virtualization and Forensics is packed with information about virtual machines, the environments they run in, the vendors making the applications, and how they apply to forensic investigations, but it’s more of a reference book as it provides artifacts of virtual machines and evidence that one was run.
Virtualization and Forensics (VAF) covers the details of many virtualization applications, including VMware Workstation (and Fusion for Macs), Parallels, Microsoft Virtual PC, MojoPac, MokaFive, and probably some others I had never heard of. VAF covers the artifacts left behind for each of these program installations, as well as their server versions. At this point you may be asking yourself, “If it’s such a great book, why did he put ‘vaguely’ in the recommendation sentence?” That’s a good question!
VAF leaves out some critical information that I fault it for not including because of its title. This book is short for something covering such a massive (and popular) topic; virtualization was identified as the #1 Strategic Technology for 2009 by Gartner, the IT industry’s largest and most-strategic conference. The title of VAF includes “Investigator’s Guide”, but I have to disagree as there is just a surface being scratched here. The authors ran some tests and provided us the results of those tests, but didn’t offer any more thought than that. The authors have a thorough understanding of virtualization and appear involved in researching the topic as they know all the white papers and research to reference.