Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Abstract

This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to speculate or verify an attack incident occurrence. Additionally, the forensic extraction of any such evidence is discussed. Finally, the paper raises the possibility of a virtual machine being used as an anti-forensic tool to destroy incriminating evidence in such circumstances.

Comments

Originally published in the Proceedings of the 6th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2008.

Share

 
COinS
 

Link to publisher version (DOI)

10.4225/75/57b27c4940cc4