Chapter 10: Virtual Machine Forensics, Live Acquisitions, and Network Forensics


26 Terms

1

Hypervisor

The software that runs virtual machines.

2

Type 1 Hypervisor

Runs on “bare metal,” meaning it loads on physical hardware and doesn’t require a separate OS.

3

Virtual Machine Extensions (VMX)

Instruction sets called _ are necessary to use virtualization; without these instruction sets, virtualization software doesn’t work.

4

Parallels Desktop

Was created for Macintosh users who also use Windows applications. It runs both legacy and current Windows OSs as well as Linux.

5

Kernel-based Virtual Machine (KVM)

This open-source hypervisor enables you to choose between an Intel and an AMD CPU and to run Linux or Windows VMs. It’s now included as part of most Linux kernels.

6

Microsoft Hyper-V

Microsoft began its venture into virtualization with Virtual PC, which allowed you to create VMs that could run non-Windows OSs. Its new hypervisor is built into Windows 10, and unlike most programs, it isn’t downloaded.

7

Oracle VirtualBox

It supports all Windows and Linux OSs as well as Macintosh and Solaris. This shareware can be downloaded and installed on both Windows and Linux host systems.

8

.vmx

Stores configuration files

9

.log

Contains logs of information such as when a VM was powered off, virtual appliances added, and so on

10

.nvram

Keeps track of the state of a VM’s BIOS

11

.vmdk

Stores the virtual hard drive’s contents

12

.vmem

Stores VM paging files, which serve as RAM

13

.vmsd

Contains information about snapshots

14

.ova or .ovf

File used to create a virtual machine; OVF stands for “Open Virtualization Format”

15

.vdi

Disk image file

16

.r0

Default libraries

17

.vbox

Saved settings of virtual hard drives

18

.xml-prev

Backups of XML settings

19

Order of Volatility (OOV)

It determines how long a piece of information lasts on a system.

20

Network Forensics

The process of collecting and analyzing raw network data and tracking network traffic systematically to ascertain how an attack was carried out or how an event occurred on a network.

21

Layered Network Defense Strategy

Sets up layers of protection to hide the most valuable data at the innermost part of the network. It also ensures that the deeper into the network an attacker gets, the more difficult access becomes and the more safeguards are in place.

22

Honeynet Project

Developed to make information widely available in an attempt to thwart Internet and network attackers.

23

Zombies

Machines used in DDoS attacks.

24

Zero Day Attacks

Attackers look for holes in networks and OSs and exploit these weaknesses before patches are available.

25

Honeypot

A computer set up to look like any other machine on your network; its purpose is to lure attackers to your network, but it contains no information of real value.

26

Honeywalls

Are computers set up to monitor what’s happening to honeypots on your network and record what attackers are doing.