Original Articles

Electronic crime investigations in a virtualised environment: a forensic process and prototype for evidence collection and analysis

Pages 183-208 | Received 24 Nov 2015, Accepted 18 Aug 2016, Published online: 07 Nov 2016
 

Abstract

The constant evolution of virtualisation technologies and the availability of anti-forensic techniques and tools complicate efforts by forensic investigators to investigate a crime or a cyber security incident. Forensic collection can be complicated and requires significant effort when an incident involves contemporary technologies (e.g. a crime launched from a virtual machine, followed by attempts to erase evidence after the incident). This paper presents a forensic process to collect and analyse traces of a virtual machine and its corresponding manager, recorded across multiple sources including the file system, Windows registry, history, and log files from a forensic viewpoint. To demonstrate the utility of the forensic mechanism, the Virtual Machine Forensic Artefact Collector (VMFAC) prototype is developed and presented in this paper.
