How to collect forensic evidence from a flexible VM
A customer is asking how you would be able to collect forensic evidence from a flexible VM. He is concerned that, despite all efforts to prevent malicious use of the system, someone will do so anyway. With a persistent VM, as with a physical PC, Windows 7 would have collected trace evidence in the various log files. The Information Assurance folks would be able to track the incident to a specific user (CAC card) on a specific VM, and determine exactly what was done.
With 1,100+ students, we are looking at flexible/destroy VMs as a way to minimize the number of Windows 7 images that need to be maintained. A "personal" or persistent VM would work, but we would have to maintain all of the VMs.
Any suggestions are welcome. If our thinking is off base, we'd like to know that too.
Thanks!
Art