Virtual Forensics

Black Hat USA 2010

Presented by: Christiaan Beek
Date: Wednesday July 28, 2010
Time: 11:15 - 12:30
Location: Neopolitan 1+2+3+4
Track: Bug Collecting

This presentation will be about the problems we are facing when forensic research has to be done on environments which are virtualized. What are the differences between 'tradional' system forensics, what techniques & tools can be used. Which files are important when performing forensic research on Citrix & VMWare environments? What about VHD file format with Windows 7 and what do we need for future research?

Christiaan Beek

TenICT Christiaan Beek has been working in the security field for several years. Working for national and international companies, he gained knowledge of hacking techniques, forensic analysis and incident response. Currently he is working as a security consultant/ethical hacker & trainer for a Dutch company, TenICT. He developed and lectured an internet forensics training and a digital evidence training for attorneys. As a SME he acted for the Duth News Agency on prime-time news about the TJX hack. In 2009 he gave a training about file carving at ITUnderground 2009 in Warsaw. His free time is spent with security research & writing for several media outlets like Hakin9. He keeps his own blog at: http://securitybananas.com


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats