Virtual machines are useful for many purposes in computing, but they can also be used to hide evidence of user activity on a computer system. Cybercriminals are using virtual machines because it is apparently easy to remove all trace of their activities just by deleting a single file. This seminar describes virtual machines, their methods of operation, how they are used to hide user activity, and how to detect their use. It also describes how to use virtual machines for malware analysis and other aspects of cyber forensics.
Cyber forensics investigators
FOR205, Windows Internals for Forensics
|Operating systems supported:||All versions of Windows|
|Durations and formats:||1 day with labs|