Welcome to ForensicVM documentation!
ForensicVM is a comprehensive project designed to assist forensic investigators in the virtualization of forensic images. By utilizing advanced technologies and tools, ForensicVM simplifies the process of analyzing and examining digital evidence in a virtualized environment.
The project consists of two essential components: the ForensicVM client, which is an Autopsy plugin, and the ForensicVM server. These components work seamlessly together to provide a powerful and efficient forensic virtualization solution.
The ForensicVM server, developed using Django and Python, serves as the backbone of the system. It is recommended to install the server on Debian 11, which in turn should be set up on a dedicated bare metal server. This configuration ensures optimal performance and stability for your forensic investigations.
Please note that installing the ForensicVM server inside a virtual machine is not recommended. The ForensicVM server itself acts as the hypervisor for the virtualized forensic images, so running it as a guest of another hypervisor means nested virtualization, which may result in unpredictable behavior and performance issues. To maintain the integrity and reliability of your forensic analysis, it is advised to adhere to the recommended bare metal installation setup.
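As a pre-flight check for the bare metal requirement above, the following POSIX shell script classifies the intended host before you install the server. It is an added example and not part of ForensicVM; it assumes a Linux host with /proc/cpuinfo and the systemd-detect-virt tool that Debian 11 ships with, and the function names and verdict strings are my own.

```shell
#!/bin/sh
# Added example (not ForensicVM code): pre-flight check that the host chosen for
# the ForensicVM server is bare metal with hardware virtualization enabled.
#
# classify_host FLAGS VIRT
#   FLAGS: the "flags" line from /proc/cpuinfo (space-separated CPU feature flags)
#   VIRT:  what `systemd-detect-virt` printed ("none" on bare metal, otherwise
#          the hypervisor name such as "kvm" or "vmware", or "unknown")
# Prints exactly one verdict:
#   bare-metal          not virtualized and exposes VT-x (vmx) or AMD-V (svm)
#   nested:<name>       host is already a guest of <name>; installing here nests hypervisors
#   no-virt-extensions  not virtualized, but no vmx/svm flag (disabled in firmware?)
#   inconclusive        virtualization status could not be determined
classify_host() {
    flags="$1"
    virt="$2"
    case "$virt" in
        none) ;;                                   # fall through to the flag test
        unknown|"") echo "inconclusive"; return 0 ;;
        *) echo "nested:$virt"; return 0 ;;
    esac
    # vmx/svm can also appear inside a guest with nested virt enabled, which is
    # why the systemd-detect-virt answer is consulted first.
    case " $flags " in
        *" vmx "*|*" svm "*) echo "bare-metal" ;;
        *) echo "no-virt-extensions" ;;
    esac
}

# Gather the two inputs from the running host and report. systemd-detect-virt
# prints "none" and exits 1 on bare metal, so its exit status is ignored here.
preflight() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2-)
    virt=$(systemd-detect-virt 2>/dev/null)
    [ -n "$virt" ] || virt="unknown"
    verdict=$(classify_host "$flags" "$virt")
    echo "host verdict: $verdict"
    case "$verdict" in
        bare-metal)         echo "OK: suitable for the ForensicVM server"; return 0 ;;
        nested:*)           echo "NOT RECOMMENDED: this host is itself a VM; ForensicVM would be a nested hypervisor"; return 1 ;;
        no-virt-extensions) echo "NOT RECOMMENDED: enable VT-x/AMD-V in firmware first"; return 1 ;;
        *)                  echo "Could not determine; verify manually"; return 2 ;;
    esac
}

# Run the live check only when invoked with --live; sourcing the file merely
# defines the functions so they can be reused.
if [ "${1:-}" = "--live" ]; then
    preflight
fi
```

Run it as `sh forensicvm-preflight.sh --live` on the candidate Debian 11 host; a non-zero exit means the host does not match the recommended setup.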
To get started with ForensicVM, your first step is to install the server. For detailed instructions, please refer to the installation section, where you will find step-by-step guidance on setting up the server environment correctly.
Once the server is up and running, you can explore the various capabilities and features of ForensicVM by diving into the usage section. This section provides comprehensive information on how to make the most out of the project, including tips, best practices, and real-world scenarios.
Additionally, if you require a deeper understanding of the technical aspects and functionalities of ForensicVM, see the ForensicVM server API section. It offers an in-depth exploration of the project’s application programming interface, empowering advanced users to leverage the full potential of the platform.
I would like to emphasize that ForensicVM is an actively developed project. I’m continuously working on enhancing its capabilities, improving performance, and adding new features. Stay tuned for updates and exciting developments as I strive to deliver the most effective and reliable forensic virtualization solution available.
Thank you for choosing ForensicVM. I am confident that it will greatly streamline your forensic investigations and contribute to the success of your work. The first step is to install the server: head to the installation section. Then check out the usage section for further information on working with the project.
- Introduction
- Citation Guidelines
- System Requirements
- Installation and Setup
- AutopsyVM Client Plugin Installation
- Initial Setup
- Step 1: In Autopsy: Add a new data source to Autopsy. This new data source is the forensic image that we need to convert to a forensicVM
- Step 2: Select your Disk Image
- Step 3: Select your forensic image
- Step 4: Run the ForensicVM client plugin
- Step 5: Open your forensicVM Server web address in the admin. Ex: https://<ip-or-web>:port/admin
- Step 6: Add a new user
- Step 7: Add a new api key to the user
- Step 8: Copy the user API key
- Step 9: Paste the user API key
- Step 10: Fill and test the Forensic VM Server configuration
- Step 11: Forensic VM Server configuration test success
- Step 12: Configure Windows Share over Forensic SSH Server Redirection
- Step 13: Windows Share over Forensic SSH copy ssh key status
- Step 14: Testing Windows Share over Forensic SSH Server Redirection
- Step 15: Configure windows share over ssh
- Step 16: Configure the share login and the share password
- Step 17: Create Share Button
- Step 18: Create a share Dialog
- Step 19: Testing the forensicVM image Windows share over ssh
- Getting Started
- Product Overview
- Using ForensicVM
- Running Autopsy Forensic VM Plugin
- Convert a local Forensic Image to a remote Forensic Virtual Machine
- Start Forensic Virtual Machine
- Open or Explore Forensic Virtual Machine
- Shutdown Forensic Virtual Machine
- Stop Forensic Virtual Machine
- Reset Forensic Virtual Machine
- Screenshot Forensic Virtual Machine
- Making, Downloading, and Analyzing a Memory Dump
- Recording Video Evidence from the ForensicVM
- Gather Evidence Using the Evidence Disk
- Deletion of ForensicVM at Investigation Conclusion
- Managing the Network Card to Capture and Analyse Network Traffic in Wireshark
- Media Management - Use Extra Tools and Boot ISO Files
- Snapshots - A Crucial Asset for Investigators
- Plugins - Security Bypass Utilities
- Chain of Custody Management in ForensicVM
- Virtual Introspection
- Fine-Tuning ForensicVM
- WebShell for Remote Administration
- Netdata on ForensicVM Server
- ForensicVM Case Study - Bart the hacker
- Challenge Solution
- Troubleshooting Guide
- Glossary
- List of Figures