Published November 6, 2020 | Version v1
Journal article Open

Design Framework for Digital Evidence Analysis Using the Virtual Machine Forensic Analysis & Recovery (VMFAR) Method

  • 1. Universitas Teknologi Mataram, Indonesia

Description

Abstract—The virtual machine is the virtualization technology most widely used today to simplify work and save hardware resources. In addition to standard use, virtual machines are also widely used as a tool for conducting research on malware, network installations and more. The increasing use of virtualization technology is a new challenge for digital forensics experts, who need to conduct further research on restoring evidence from deleted virtual machine images. Virtual machines (VMs) are also widely used by cybercrime actors to commit crimes in cyberspace and then delete digital traces by destroying the virtual machine image that was used or reverting it to a snapshot; this technique is known as anti-forensics. Many previous studies have discussed VM forensics, such as VM memory dumps and snapshots, but none has discussed the process model or flow used to analyze digital evidence in the form of a virtual machine. This study tries to identify the Virtual Machine Forensic Analysis & Recovery (VMFAR) method, which the researchers design as a framework for analyzing digital evidence. After implementing this framework in the process of handling digital evidence, the results of the analysis show that the experimental process was successfully carried out.

Index Keywords—Virtual; Machine; Forensics; Recovery; Framework.

Files

02 Paper 01102002 IJCSIS Camera Ready pp9-13.pdf (706.4 kB, md5:6ea94c3812785c0f7e01613b605d66f7)