Virtualization Incident Responseby SANS Digital Forensics

Virtualization is a game changer, this session looks at the new world of virtualization and the impact on Incident Response & Computer Forensics. Details include answers to several important questions: Is forensics more difficult or perhaps actually easier in the virtual realm? What do I image if the Data Store has PI from 200 different companies on it that are not subjects to the investigation? Where are virtual machine files stored? What files are of forensic value? What about all of those snapshots? Just how do I image a virtual machine? Will my existing tools work?

Published 27 February 2015