Securing information by performing forensic and network analysis on hosted virtualization

Abstract

A Hypervisor at the same time agrees a single system to run two or additional operating systems. To gather forensic proof of examined activities or attacks against the system, the evidence kept in logs of a system plays an important role. In this paper, we have analyzed logs, snapshots and also the network connectivity of guest and host operating systems. We have studied different virtualization systems and analyzed their logs, snapshots of hypervisor with dissimilar case studies to find the actions done on virtual systems. We have analyzed the deleted and formatted files information with the help of Encase forensic tool on some of the open source virtualization technologies like virtual box and qemu to ensure that the information existing in the system is always secure.