Design Framework for Digital Evidence Analysis Using the Virtual Machine Forensic Analysis & Recovery (VMFAR) Method

article cite 0 Year 2020
source: Zenodo (CERN European Organization for Nuclear Research)
Abstract

The virtual machine is the virtualization technology most widely used today to simplify work and save hardware resources. Beyond standard use, virtual machines are also widely used as a tool for conducting research on malware, network installations and more. The increasing use of virtualization technology poses a new challenge for digital forensics experts, who need to conduct further research on restoring evidence from deleted virtual machine images. Virtual machines (VMs) are also widely used by cybercrime actors to commit crimes in cyberspace and then delete digital traces by destroying the virtual machine image that was used or by returning it to a snapshot; this technique is known as anti-forensics. Many previous studies have discussed VM forensics, such as VM memory dumps and snapshots, but none has discussed the process model or flow used to analyze digital evidence in the form of a virtual machine. This study tries to identify the Virtual Machine Forensic Analysis & Recovery (VMFAR) method, which the researchers design as a framework for analyzing digital evidence. After implementing this framework in the process of handling digital evidence, the results of the analysis show that the experimental process was successfully carried out.

Index Keywords: Virtual; Machine; Forensics; Recovery; Framework.


Concepts:
Digital and Cyber Forensics
Digital Media Forensic Detection
Forensic Fingerprint Detection Methods
SDGs
Peace, Justice and strong institutions