Title

Virtual Environments Support Insider Security Violations

Document Type

Conference Proceeding

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

6056

Comments

This article was originally published as: Swanson, I. & Williams, P. (2008). Virtual Environments Support Insider Security Violations. Proceedings of the 6th Australian Digital Forensics Conference, (pp. 171--178). Perth, Western Australia. : SECAU _ Security Research Centre, ECU. Original article available here

Abstract

This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to speculate or verify an attack incident occurrence. Additionally, the forensic extraction of any such evidence is discussed. Finally, the paper raises the possibility of a virtual machine being used as an anti-forensic tool to destroy incriminating evidence in such circumstances.

This document is currently not available here.

 
COinS