SANS Digital Forensics and Incident Response Blog: Tag - virtualization

Installing the REMnux Virtual Appliance for Malware Analysis

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Here is how to install the REMnux virtual appliance using common virtualization tools, such as VMware and VirtualBox, thanks to the Open Virtualization Format (OVF/OVA). Continue reading Installing the REMnux Virtual Appliance for Malware Analysis

Give Your Forensic Images the Boot, Part I

At its worst, incident response in the past consisted of someone with a little bit of knowledge sitting down at the affected machine and poking around at its contents. Computer forensics has influenced the initial response, but you may still find quality information from taking a live look at a suspect machine. For instance, I have no idea where the settings are that effect how icons are arranged on the desktop. But by booting into the captured image, I get to look and feel how the user environment was actually set up.

Booting the image into a virtual environment has other advantages. First, you can interact with the computer in a more natural and