Tag Archives: Incident Response

Forensics: Guidance for Virtual Environments

During the last Virtualization Security Podcast, our guest had to postpone so we discussed to several interesting topics all related to Digital Forensics and how encryption would best work within the virtual environment. Our very own Michael Berman, in a previous life, was a forensic investigator and had some great insights into the problem of digital forensic within the virtual environment.

We discussed forensic from the perspective of evidence necessary for the court of law. In other words, forensically sound data acquisition prepared for forensic analysis. This is the an interesting aspect of virtualization. Some of which I have discussed before.

Out of this discussion came some fairly straight forward advice that many may find difficult to perform due entirely to the additional cost and requirements:

  1. Have a Written Incident Response Policy and Procedure Continue reading Forensics: Guidance for Virtual Environments