Design Framework for Digital Evidence Analysis Using the Virtual Machine Forensic Analysis & Recovery (VMFAR) Method

You are here: Homepage > Search

Design Framework for Digital Evidence Analysis Using the Virtual Machine Forensic Analysis & Recovery (VMFAR) Method

Free access

Juhartini / Erfan Wahyudi / Bahtiar Imran / Zaenudin

Abstract—Virtual Machine is a virtualization technology which is most widely used today to simplify work and save hardware resources. In addition to standard use, this virtual machine is also widely used as a tool for conducting research on malware, network installations and more. The increasing use of virtualization technology is a new challenge for digital forensics experts to conduct further research related to the restoration of evidence of deleted virtual machine image. Because this Virtual Machine (VM) is also widely used by cybercrime actors to commit crimes in cyberspace, and then delete digital traces by destroying the virtual machine image that has been used or returning it to a snapshot, this technique is known as antiforensic. Many previous studies have discussed about this VM forensics, such as VM memory dumps and snapshots. But no one has discussed the process model or flow used to perform the analysis to digital evidence in the form of a virtual machine. This study tires to identify the Virtual Machine Forensic Analysis & Recovery (VMFAR) which the researchers design as a framework for analyzing digital evidence. After implementing this framework in the process of handling digital evidence, the results of the analysis show that the experimental process was successfully carried outIndex Keywords— Virtual; Machine; Forensics; Recovery; Framework.