Building a virtual forensics lab

Building a virtual digital forensic lab

Virtualization uses software to create an abstraction layer on top of computer hardware, so that the hardware components (processors, memory, storage, etc.) can be divided among several virtual computers, usually called virtual machines. Because the hardware is configured by software, a virtual computer is easy to create. This lets IT organizations run multiple virtual machines, with different operating systems and applications, on a single server, which brings economies of scale and greater efficiency. VMware Fusion, Parallels Desktop, Oracle VM VirtualBox and VMware Workstation are four of the best options for running virtual machines. Oracle VM VirtualBox is available for free, and it runs on Mac, Windows, Linux and Solaris hosts.

I have installed VirtualBox on my computer and tried to explore it. Let us first look at the installation process of VirtualBox.

  • I used the link (https://www.virtualbox.org/wiki/Downloads) to download VirtualBox on my computer. Here you can find the download links for the different host platforms.
  • Then download the installer for your platform; once the download is complete, you can start the installation process.

  • Once the installation is done, the VirtualBox welcome page appears.


  • Perfect! The VirtualBox virtualization software has been installed.

Creation of a virtual machine, and installation of The Sleuth Kit with an example

I chose to install Linux Ubuntu 16.0 on my virtualization software.
  • On the welcome page click New and enter the details as shown below. Also select where the virtual machine's files are to be stored, that is, on which drive of the computer, keeping in mind that the drive needs enough free space to be allocated to the virtual machine. Once you enter the name as Ubuntu, the type and version are filled in automatically according to the name entered.


  • Once this step is completed, click Next and you will have the option to allocate the RAM and the number of processors for the virtual machine. You will most likely select 2 GB of RAM.

  • In the next step, allocate the hard disk space for the virtual machine. Choose the amount of space required for the task to be performed.


  • Then a summary of the VM is displayed, where you can check the configuration of the newly created virtual machine.


  • Once the virtual machine is created, its details are shown in VirtualBox as in the following image.

  • Once it is ready, make sure the storage settings have been optimized and that hardware virtualization support has been enabled in the BIOS settings of the PC, otherwise the virtual machine cannot run. Once done, click Start. This starts the installation of Ubuntu along with the necessary files and extensions.

  • Finally, Ubuntu is installed and the welcome page looks like the following image.

  • Once the installation of the necessary files and extensions has been completed, the desktop of the virtual machine appears like this.



  • To install The Sleuth Kit, type the command [sudo apt-get install sleuthkit]. The necessary packages will be downloaded and installed.


  • Once The Sleuth Kit is installed, it can be used as a forensic toolkit to retrieve data from many kinds of storage device. In the example below we use The Sleuth Kit to retrieve information from a raw disk image of an external storage device whose contents had been deleted. We use the command [mmls 4gb_/USB.dd], where 4gb_/USB.dd is the name of the raw disk image.

  • This gave an output with three entries in the disk. We concentrate on the third one, whose offset is 0000011264 and which shows that an allocated partition exists at that entry of the disk. We then used the fsstat command on offset 11264, which gives us the information about the file system stored at that offset.
  • Then we found the data present in the third entry of the raw disk, and looked at how the file had been deleted and where it had been stored. We can see that there was a Google Chrome download, named png.crdownload, which tells us a lot about what was stored on the raw disk image.
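The two commands above work from the partition table of the image: mmls reads the MBR and lists each entry with its start sector, and fsstat takes that start sector as its -o offset. The following is an added example, not code from the original post or from The Sleuth Kit project: a small MBR partition-table reader that constructs an image in memory, prints an mmls-style table, and derives the offset argument for fsstat. Only the shape of the layout (three entries, the third starting at sector 11264) comes from the post; the sector size of 512, the partition types and lengths, the slot numbering and the image name 4gb_/USB.dd used in the printed command are assumptions.

```python
# Added example (not from the original post or from The Sleuth Kit project):
# a minimal MBR partition-table reader that reproduces the kind of table
# `mmls` prints for a raw disk image, and derives the sector offset that
# `fsstat -o <sector>` expects. The image is constructed in memory; the
# layout (three entries, the third starting at sector 11264) mirrors the
# post, every other value (types, lengths, image name) is assumed.
import struct

SECTOR = 512             # sector size assumed for the image (mmls default)
TABLE_OFFSET = 446       # first of the four 16-byte MBR partition entries
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, length

# Partition type bytes, a few common values only (assumed for the sample)
TYPE_NAMES = {0x0B: "Win95 FAT32 (0x0b)", 0x07: "NTFS / exFAT (0x07)",
              0x83: "Linux (0x83)"}

# Constructed sample layout: (type byte, start sector, length in sectors)
SAMPLE_LAYOUT = [
    (0x0B,  2048,    8192),   # small FAT32 slice, assumed
    (0x83, 10240,    1024),   # small Linux slice, assumed
    (0x0B, 11264, 7800000),   # third entry: the post's offset 11264
]


def build_mbr_image(layout):
    """Build a raw image consisting of a single MBR sector with `layout`
    written into the partition table (at most four primary entries)."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, length) in enumerate(layout[:4]):
        entry = struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", ptype, b"\0\0\0",
                            start, length)
        mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = entry
    mbr[510:512] = b"\x55\xaa"  # boot signature that marks a valid MBR
    return bytes(mbr)


def parse_mbr(image):
    """Return the allocated partition entries of `image`, mmls-style.
    Each entry: slot, type, start, end (inclusive) and length, in sectors.
    Raises ValueError when the sector carries no MBR boot signature."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature at offset 510: not an MBR")
    entries = []
    for i in range(4):
        raw = image[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        _boot, _chs0, ptype, _chs1, start, length = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0x00 or length == 0:   # empty slot, nothing allocated
            continue
        entries.append({"slot": i, "type": ptype, "start": start,
                        "end": start + length - 1, "length": length})
    return entries


def format_table(entries):
    """Render the entries in the column layout mmls uses
    (slot, start, end, length, description), values in sectors."""
    rows = ["Slot   Start        End          Length       Description"]
    for e in entries:
        desc = TYPE_NAMES.get(e["type"], f"type 0x{e['type']:02x}")
        rows.append(f"{e['slot']:03d}:   {e['start']:010d}   {e['end']:010d}   "
                    f"{e['length']:010d}   {desc}")
    return "\n".join(rows)


def tsk_offset(entries, slot):
    """Sector offset to pass as `-o` to fsstat (and fls, icat, ...), together
    with the byte offset it corresponds to (sectors * sector size)."""
    entry = next(e for e in entries if e["slot"] == slot)
    return entry["start"], entry["start"] * SECTOR


if __name__ == "__main__":
    image = build_mbr_image(SAMPLE_LAYOUT)
    parts = parse_mbr(image)
    print(format_table(parts))
    sectors, byte_off = tsk_offset(parts, 2)   # third entry is slot 2
    print(f"\nthird entry starts at sector {sectors} (byte {byte_off})")
    print(f"equivalent Sleuth Kit command: fsstat -o {sectors} 4gb_/USB.dd")
```

Running the script prints the three constructed entries and the command to inspect the third one. The point to take from it is that the offset mmls reports and fsstat consumes is a sector count, not a byte count, so 11264 means byte 5767168 on a 512-byte-sector image; passing the wrong unit makes fsstat look at the wrong place in the image.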

Digital forensics can be used to identify criminals. It can help trace the source of a cyberattack, identify the source of a leak, and link suspects to the crime scene. This helps the police investigate criminals and bring them to justice.