A Survey of Forensic Analysis in Virtualized Environments
In this paper, the authors present a survey of current approaches to memory forensics in virtualized environments. Traditional tools aimed at the analysis of operating systems are unable to resolve the correspondence between processes executing on virtual machines and the memory allocated to them. The introduction of rootkit technologies, which give malicious code the ability to hide its presence and actions, further complicates memory analysis. Almost absent from the literature are capabilities to incorporate network traffic into the forensic process, making remote exploits difficult to discover.