A research on the investigation method of digital forensics for a VMware Workstation's virtual machine

Sungsu Lim, Byeongyeong Yoo, Jungheum Park, Keun Duck Byun, Sangjin Lee

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)


Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user's activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.

Original languageEnglish
Pages (from-to)151-160
Number of pages10
JournalMathematical and Computer Modelling
Issue number1-2
Publication statusPublished - 2012 Jan

Bibliographical note

Funding Information:
This work was supported by the IT R&D program of MKE/KEIT ( 10035157 , Development of Digital Forensic Technologies for Real-Time Analysis).


  • Digital forensics
  • VMware
  • Virtual machine
  • Virtualization

ASJC Scopus subject areas

  • Modelling and Simulation
  • Computer Science Applications


Dive into the research topics of 'A research on the investigation method of digital forensics for a VMware Workstation's virtual machine'. Together they form a unique fingerprint.

Cite this