Tuesday, July 27, 2010

Review of Virtualization and Forensics Posted

Amazon.com just published my three star review of Virtualization and Forensics by Dianne Barrett and Gregory Kipper. From the review:

"Virtualization and Forensics" (VAF) offers "a digital forensic investigator's guide to virtual environments" as its subtitle. Eric Cole's introduction says "How do we analyze the [virtual] systems forensically since standard methods no longer work? Let me introduce a key piece of research and literature, VAF." I disagree with Eric's claim: I did not find VAF to be a compelling resource for forensic investigators of virtual environments. If an author writes a book on virtual forensics, I would expect more advice on how to accomplish the task, and less description of virtual environments. Unfortunately, VAF spends most of its time talking about virtual systems and not enough time helping investigators analyze them.

2 comments:

Keydet89 said...

Richard,

Thanks for the review. As someone who analyzes VMs fairly often, just the brief paragraph you posted is enough to let me know that it isn't worth my time to even pull the book down off the shelf at the local bookstore.

labgeek said...

Richard:

I agree that the text is not compelling by any means; however, it does present a single point of reference for understanding the myriad number of virtualization products on the market today. Unfortunately, it does lack the specificity needed to aid examiners when addressing forensic analysis on VMs residing in virtual host environments. That said, I did purchase the book as I don't know of any other that addresses the issue of Forensics and virtualization (aside from blog posts/white papers and Edward Haletky's book on securing virtual environments).