Book Title: Virtualization and Forensics
Subtitle: A Digital Forensic Investigator’s Guide to Virtual Environments
Author(s): Diane Barrett, Greg Kipper
Date of Publishing: 29 Jun 2010
Price (UK&US price – full price, not discounted price): £36.99, $59.95
URL of Publisher Site: Syngress
URL of Amazon UK web page: Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments
URL of Amazon UK (Kindle) web page: Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments
URL of Amazon US web page: Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments
URL of Amazon US (Kindle) web page: Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments
As an experienced user of a number of VMware virtualization technologies, as well as working with the technologies for several clients, I was really looking forward to receiving a copy of this book to review. However, I have to say I was a touch disappointed. The book is split into three parts, with only Part 2 being of real use to a digital forensics investigator. Part 1 contains four chapters. The first chapter describes the main categories of virtualization, the other three chapters then going onto describe in more detail server, desktop and appliance virtualization. Part 1 does provide a good summary of the technologies and products present in the market place, but it’s certainly not complete. I found it surprising that VMware’s Thinapp technology (an application virtualization product) is not mentioned at all. Part 2 contains three chapters. The first looks at how to investigate “dead” virtual environments, with the second chapter looking at live environments. The last chapter discusses how to find and image virtual environments. As far as I am concerned this is the real meat of the book, yet it is only 70 pages long (the book being a total of 254 pages). My disappointment in this book is that that I would have liked to see the details provided in other articles I’ve read on the Internet and in magazines, however taking that freely available information to a wider audience and to a deeper analysis of the virtualization technologies.
Part 3 concentrates on the challenges presented by virtualization and what the future may hold, especially given the rise of so-called Cloud Computing. The first chapter in Part 3 discusses the issues with demonstrating a clear chain of custody of evidence in a virtualized environment, which I did find very useful.
Despite having said all the above, for a digital forensics investigator unfamiliar with virtualization technology, it is a good introductory book to this world. It contains a balanced mix of describing the myriad technologies available, how to investigate virtualized environments and then, finally, the challenges, both current and future. However, for me, I would have appreciated more technical forensics information.
Marks: 3 out of 5***