A study on an investigation procedure of digital forensics for VMware Workstation's virtual machine and a method for a corrupted image recovery |
Lim, Sung-Su
(Center for Information Security Technologies, Korea University)
Yoo, Byeong-Yeong (Center for Information Security Technologies, Korea University) Park, Jung-Heum (Center for Information Security Technologies, Korea University) Byun, Keun-Duck (Center for Information Security Technologies, Korea University) Lee, Sang-Jin (Center for Information Security Technologies, Korea University) |
1 | Karl Ray, "Server Virtualization and Virtual Machine Operating Systems," http://anengineersperspective.com/wp -content/uploads/2010/03/VM.pdf, Mar. 2010. |
2 | 가상화의 기본 개념, http://www.vmware.com/kr/technology/virtual-machine.html |
3 | Harry van der Lint, Michiel Alkemade, "Turbulentie betekent kansen, maar bent u up-to-date?," Computer Profile, pp 36-37, Sep. 2009. |
4 | Kara Nance, Matt Bishop, and Brian Hay, "Investigating the Implications of Virtual Machine Introspection for Digital Forensics", 2009 International Conference on Availability, Reliability and Security, pp. 1024-1029, Mar. 2009. |
5 | H. Carvey, "The Windows registry as a forensic resource," Digital Investigation, pp. 201-205, Sep. 2005. |
6 | Volatile memory extraction utility framework, http://www.volatilesystems. com /volatility/1.3/README.txt |
7 | GetData, Mount Image Pro V4, http: //www.mountimage.com/download-com puter-forensics-software.php?file=MIP -Setup.exe |
8 | ASR Data, SmartMount, http://www. asrdata.com/SmartMount/ |
9 | Zairon, Compare VMware snapshots, http://zairon.wordpress.com/2007/08/3 1/find-out-hidden-files-comparingvmwares- snapshots/ |
10 | Chris Betz, memparser, http://www. dfrws.org/2005/challenge/memparser.s html |
11 | 탁정수, 가상화 기술현황과 공공기관 적용 시사점,한국정보사회진흥원, 정보사회 현안 분석II, pp.1-21 , 2007년 12월. |
12 | VMware Virtual Disks Virtual Disk Format 1.1, www.vmware.com/app/ vmdk/ ?src=vmdk, vmware technical note |
13 | Brett Shavers, A Discussion of Virtual Machines Related to Forensics Analysis, http://www.forensicfocus.com/downloa ds/virtual-machines-forensics-analysis .pdf |
14 | Derek Bem, "Virtual Machine for Computer Forensics - the Open Source Perspective," Open Source Software for Digital Forensics, DOI 10.1007, pp. 25-42, Jan. 2010. |
15 | 소프트웨어 시장 동향 및 전망, 소프트웨어 산업백서 2008, pp. 187-389, 2008년 12월. |
16 | Jeff Daniels, "Server Virtualization Architecture and Implementation," ACM Crossroads, Vol. 16 No. 1, Sep. 2009. |
17 | 권태석, 방제완, 임경수, 이상진, "가상화 환경에서의 디지털 포렌식 조사 방법론 연구," 한국정보기술학회, 한국정보기술학회논문지, 7(2)호, pp.159-167, 2009년 4월. |
18 | Derek Bem and Ewa Huebner, "Analysis of USB Flash Drives in a Virtual Environment," Small Scale Digital Device Forensics Journal, Vol 1. No. 1, Jun. 2007. |
19 | Greg Dorn, Chris Marberry, Scott Conrad, and Philip Craiger, "Analyzing the impact of a virtual machine on a host machine," International Federation for Information Processing, Advances in Digital Forensics V, IFIP AICT 306, DOI: 10.1007/978-3-642-04155-6_5, pp. 69-81, 2009. |
20 | Richard Arthur Bares, "Hiding in a Virtual World Using Unconventionally Installed Operating Systems," ISI 2009, pp. 276-284, Jun. 2009. |
21 | Christiaan Beek, Virtual Forensics, Black- Hat Europe 2010, http://www.blackhat. com/html/bh-us-10/bh-us-10-briefings. html#Beek, Apr. 2010. |
22 | 김동희, 백승조, 심미나, 임종인, "서버 가상화 환경의 가상머신 이미지에 대한 법적 증거로서의 허용성에 관한 연구", 한국정보보호학회, 정보보호학회논문지, 18권 6(A)호, pp. 163-177, 2008년 12월. |