Applications of Virtualization to Digital Forensics Education

Educators in digital forensics struggle with the desire to provide their students with realistic learning environments while protecting production systems from undesirable and potentially illegal interference. This paper describes methods in which virtualization technology can be used to create realistic learning environments for digital forensics that reduce cost and space requirements while saving students and instructors time. Host-based, network-based, and server-based approaches to virtualization are presented and analyzed. The issues associated with developing an image library for digital forensics are presented as well as the direction of future developments in the field including a vision for sharing virtual environments across institutions. At the recent Colloquium for Information Systems Security (CISSE 2009) approximately 60 attendees participated in virtualization bootcamps and working lunches, and the overwhelming level of interest in the group was determining how to deploy virtualization to provide high quality information assurance, computer security, and digital forensics lab exercises at their institutions.