Restoring Suspect Physical and Compressed Images with VMWare

Brett Shavers
Computer Technology Investigators Network
Topics:

•   VMWare Brief
•   Capabilities of VMWare
•   VMWare Installation
•   Guest Operating Systems
•   VMWare Networking
•   Restoration of forensic images into VMWare
What is VMware?

• VMWare is application software that
  provides a virtual computer on which you
  can install another operating system
• The virtual computer or virtual machine
  (VM) runs as if it were a real operating
  system on a real computer with real devices
• The VM has its own CPU, memory, hard
  disks, and other I/O devices
Virtual Hardware

• CPU = Host CPU
• Chipset = Intel 440BX-based motherboard with
  NS338 SIO chip and 82093AA IOAPIC
• BIOS = PhoenixBIOS 4.0 Release 6 with VESA
  BIOS
• RAM = Host’s RAM
• IDE Devices = Up to 4; Virtual HD up to 950 GB;
  can also use real disks (2TB limit)
• SCSI Devices = Up to 7
• NIC = AMD PCnet-PCI II compatible
VMware Workstation Terminology

• Host operating system is the one that runs
  VMware Workstation
• Guest operating system is the virtual OS
• The host OS can be either NT-based
  Windows or Linux (RedHat, Mandrake,
  SuSE)
• The guest OS can be DOS, every flavor of
  Windows, Linux, BSD or other OS that runs
  on an X86 platform
Forensic Uses of VMware

• VM Workstation allows you to restore a suspect’s hard
  drive into a VM
• You can work with the suspect’s OS and its installed
  applications, some of which may be involved in the alleged
  crime
• You can network two VMs, one a suspect client and the
  other a suspect server
• You can also mount a suspect’s restored hard drive as a
  physical or “raw” disk
• You can easily drag and drop files from the VM to your
  host computer
Some VM Tips

• VMWare can boot ISO images directly, so you do not need to burn a CD
• Snapshots can be taken (up to 100 per VM)
• Videos can be taken using VMWare Tools
• You can drag and drop between the host and the virtual OS easily.
Installing VMware Workstation

• Meet the minimum requirements for the host:

  Component               Minimum                          Recommended
  CPU                     400 MHz                          500 MHz +
  Memory                  128 MB                           256 MB +
  Display                 VGA                              SVGA +
  Hard Disk (install)     100 MB free                      100 MB
  Hard Disk (for guests)  whatever the guest requires      whatever the guest recommends
                          + apps                           + apps
  Host OS                 Windows 2003, Windows XP Home and Pro (SP1),
                          Windows 2000 (SP3), Windows NT (SP6A)
Installing VMware Workstation

• Optional components include:
  •   Floppy Disk
  •   Ethernet adapter for the host
  •   CD-ROM
  •   USB port
  •   Other hard disks
Installing a Guest OS

• Have the installation media available,
  typically a CD
• Start VM Workstation and select File, New
  Virtual Machine
• A wizard begins ….
Installing a Guest OS

• Once the guest has been configured, you need to start the
  OS, but before you do …
• Make sure the installation media for the guest is in the
  CD-ROM drive or floppy drive of the host
• As soon as the machine starts, click in the VM window and
  press F2 to enter the guest's CMOS (BIOS) setup program
• Once there, configure the guest to boot from the CD-ROM or
  floppy
(Screenshots) Guest CMOS setup → Set boot order → Save CMOS settings → Boot guest from OS CD → Install guest OS
Summary

• VMware Workstation allows you to install a guest
  OS in a virtual machine
• The guest OS can interact with the host and use
  the host's CPU, RAM, CD-ROM, keyboard, mouse,
  floppy disk, and network card
• The host can be practically any NT-based host or
  Linux host and the guest can be any Windows OS,
  Linux, Novell, FreeBSD and more
• VMware Workstation provides significant
  forensic-related capabilities
Restore of network and client systems

ILook will be demonstrated, but EnCase, FTK, WinHex, etc. can be used as long
as the tool can restore whatever image format you have. You can also use
physical hard drives directly.

EnCase has directions for restoration into VMWare on its website. Booting the
VM from a boot disk of any sort and restoring inside it is half the work of
using FTK or EnCase for restores.
Restore Using I-Look

• Scenario with a Win2003 domain controller and an XP Pro client
• Before restoring, set up a VMware instance with the VMware DHCP
  service disabled (the restored domain controller will be the
  DHCP server on the virtual network)
• Restore the domain controller first
Create New Virtual Machine
Create the Domain Controller

You have to know the OS of the image to be restored. Pick the same version, because the guest OS type you
select determines the virtual hardware VMware presents. XP may be able to handle all the other Windows OSs (the
VM still boots the actual OS on the disk), but there may be subtle differences in the emulated hardware. Stay with
the actual OS.
Name and Allocate Resources

Name it what you like. If you will be doing multiple restorations of the same image, you can use dates, LFN, OS,
etc. Put the location in a new folder you can manage. For network restorations, keep the whole LAN in one folder,
otherwise you will lose track. You may have to adjust memory later: the more machines, the more memory needed.
Make sure the folder can hold everything you need (if all images total 100 GB, you need at least that much to
restore, as the images expand to their original size).
Define Network Type

For forensic restorations, make sure you don't choose a connection that goes outside! Bridged and NAT both reach
the physical network; the other two (host-only and no network) are safe. For network restorations, choose
HOST-ONLY NETWORKING: this lets the virtual clients talk to each other while containing whatever the restored
systems might do to the 'real' network you are connected to. If you select bridged or NAT and the images carry a
virus, you have just exposed your network to it.
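The network choice made in the wizard is written into the VM's .vmx file, so it can be verified before the restored image is ever powered on. The following is an added example (Python, not code from the original presentation or from VMware) that parses a .vmx, refuses any virtual NIC set to bridged or NAT, and rewrites such NICs to host-only. The sample .vmx and the file names in it are constructed, and treating a NIC with no connectionType as bridged is this example's own conservative assumption.

```python
"""Pre-flight isolation check of a VMware Workstation .vmx before powering on a restored suspect image.

Added example, not from the original presentation. A .vmx is a flat file of
key = "value" lines; each virtual NIC is ethernetN.* and the wizard's choice is
recorded in ethernetN.connectionType ("bridged", "nat", "hostonly" or "custom"
plus ethernetN.vnet). Bridged and NAT let the guest reach the examiner's real
network, so they are refused and rewritten to hostonly. The sample .vmx below
is constructed; treating a missing connectionType as bridged is this example's
conservative assumption, not documented VMware behaviour.
"""
import re

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
OUTSIDE = {"bridged", "nat"}
OUTSIDE_VNETS = {"vmnet0", "vmnet8"}   # Workstation's default bridged and NAT switches

SAMPLE_VMX = '''\
#!/usr/bin/vmware
config.version = "8"
virtualHW.version = "4"
displayName = "Suspect DC (Win2003)"
guestOS = "winnetstandard"
memsize = "512"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "suspect-dc.vmdk"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "ilook-boot.iso"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.virtualDev = "vlance"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.virtualDev = "vlance"
'''

def parse_vmx(text: str) -> dict:
    """Return {key: value} for every key = "value" line, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def present_nics(cfg: dict) -> list:
    """Names (ethernet0, ethernet1, ...) of the NICs marked present."""
    return [k[:-len(".present")] for k, v in cfg.items()
            if re.fullmatch(r"ethernet\d+\.present", k) and v.upper() == "TRUE"]

def nic_violations(cfg: dict) -> list:
    """(nic, reason) for every NIC that could carry suspect traffic off the host."""
    bad = []
    for nic in present_nics(cfg):
        ctype = cfg.get(f"{nic}.connectionType", "").lower()
        vnet = cfg.get(f"{nic}.vnet", "").lower()
        if ctype in OUTSIDE:
            bad.append((nic, f"connectionType={ctype} reaches the physical network"))
        elif ctype == "custom" and vnet in OUTSIDE_VNETS:
            bad.append((nic, f"custom NIC on {vnet}, which is bridged/NAT by default"))
        elif ctype == "":
            bad.append((nic, "no connectionType set; assume bridged until proven otherwise"))
    return bad

def harden(cfg: dict) -> dict:
    """Copy of cfg with every offending NIC switched to host-only networking."""
    fixed = dict(cfg)
    for nic, _ in nic_violations(cfg):
        fixed[f"{nic}.connectionType"] = "hostonly"
        fixed.pop(f"{nic}.vnet", None)
    return fixed

def render_vmx(cfg: dict) -> str:
    """Serialise back to .vmx syntax (comments from the input are not preserved)."""
    return "".join(f'{k} = "{v}"\n' for k, v in cfg.items())

if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    for nic, why in nic_violations(cfg):
        print(f"REFUSE {nic}: {why}")
    print(render_vmx(harden(cfg)))
```

The .vmx cannot turn off the VMware DHCP service that the scenario wants disabled; that is a host-side setting (the VMware DHCP Service under services.msc on a Windows host, or the Virtual Network Editor), so check it separately before the restored domain controller is powered on.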
Defining the Bus

You will go through this process twice for each drive you are
restoring: once to identify the source and once for the destination.
Select the Source Disk




Choose the disk that contains the image files. It is possible to have all images on one disk to be used for
restorations.
VM Ware Establishes New Machine

VMware treats this as a SCSI disk even though the original was an IDE drive; don't worry about this. It shows up
as SCSI because VMware defaults to SCSI disks for server (domain controller) guest OS types. SCSI and IDE are just
interfaces; the data is the same, so there is no difference. 0:0 is the first SCSI disk on the first SCSI
controller.
Add the Destination
Define Drive Type and Allocate Space

Normally choose IDE. Make it the same size as the original hard drive, not the size of the image file. Give it a
GB of wiggle room. Then name the target drive.
Confirm Both Disks Created
Restore the Image Using the I-Look ISO File

Put an ISO of ILook on your desktop and point the VM's CD-ROM at it. (Side note: you can
make an ISO of a boot floppy and point to that as well, so you always boot from your
clean boot media.)
Point to the CD and Start the Virtual I-Look Machine

(Screenshots) Verify available disks → Select the device to restore from → Select the image file → Restore target process → Restore in process and complete → Finish and quit → Stop this machine

Now remove the ILook drive and reset the CD back to the actual physical machine device.
Start the restored machine

The machine starts; expect some service errors on this first boot.
Start Up and Login
Go through login
Check the Virtual IP settings for the virtual network connections

You need to know what the original settings were to reconfigure this. Because of the restore, the restored image
reverts to the Windows default (DHCP) because a different NIC is being used (albeit a virtual one). It is good to
check the settings before imaging, if possible.
This appears as LAN 2 (as if there had been a LAN 1 at some time). LAN 1 was the original machine's connection;
when restored, LAN 2 was created for the virtual NIC. The Ethernet adapter shown will be different as well. Don't
worry about it; it has to be that way.
You can get the original IP settings from the registry.
Input this info
Select ‘NO’
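Where those original settings live and how to put them back on the new adapter, as an added example (Python, not from the original presentation): it parses a `reg export` of the Tcpip\Parameters\Interfaces key taken from the suspect's SYSTEM hive, keeps the interface that was statically addressed, and prints the netsh commands for the restored machine's new connection. The registry value names and the XP/2003 netsh syntax are real; the .reg text, interface GUIDs, addresses and the adapter name are constructed for illustration.

```python
r"""Recover an interface's static TCP/IP settings from an exported registry key.

Added example, not from the original presentation. Input is the text of
`reg export HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces`
from the suspect's SYSTEM hive. IPAddress, SubnetMask and DefaultGateway are
REG_MULTI_SZ (exported as hex(7): UTF-16LE bytes, wrapped with a trailing
backslash), EnableDHCP is a DWORD and NameServer is a plain string. Output is
the XP/2003 netsh commands that re-apply the static configuration to the new
virtual adapter. The .reg text, GUIDs and addresses below are constructed.
"""
import re

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B2C3D4-0000-4000-8000-000000000001}]
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,00,2e,00,\
  31,00,30,00,00,00,00,00
"SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,00,\
  35,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,00,2e,00,\
  31,00,00,00,00,00
"NameServer"="192.168.1.10"
"Domain"="corp.example"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1B2C3D4-0000-4000-8000-000000000002}]
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DhcpIPAddress"="10.0.0.23"
'''

def _decode_value(raw: str):
    """Turn one exported value ('dword:…', 'hex(7):…' or '"…"') into a Python object."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(7):"):                       # REG_MULTI_SZ as UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    if raw.startswith('"') and raw.endswith('"'):        # REG_SZ
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw                                           # other types left undecoded

def parse_interfaces_reg(text: str) -> dict:
    """Return {interface GUID: {value name: decoded value}} from a .reg export."""
    interfaces, current = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        km = KEY_LINE.match(line)
        if km:                                           # only per-interface {GUID} subkeys matter
            last = km.group(1).rsplit("\\", 1)[-1]
            current = last if last.startswith("{") else None
            if current:
                interfaces[current] = {}
            continue
        vm = VALUE_LINE.match(line)
        if not vm or current is None:
            continue
        name, raw = vm.group(1), vm.group(2)
        while raw.endswith("\\"):                        # hex values wrap across lines
            raw = raw[:-1] + next(lines).strip()
        interfaces[current][name] = _decode_value(raw)
    return interfaces

def static_interfaces(interfaces: dict) -> dict:
    """Keep interfaces that were statically addressed (DHCP off and a real IPAddress)."""
    return {guid: vals for guid, vals in interfaces.items()
            if vals.get("EnableDHCP", 1) == 0
            and any(ip != "0.0.0.0" for ip in vals.get("IPAddress", []))}

def netsh_commands(adapter_name: str, vals: dict) -> list:
    """XP/2003 netsh lines that put the recovered settings on the new virtual NIC."""
    ip = vals["IPAddress"][0]
    mask = (vals.get("SubnetMask") or ["255.255.255.0"])[0]
    gws = vals.get("DefaultGateway") or []
    target = f"{ip} {mask} {gws[0]} 1" if gws else f"{ip} {mask} none"
    cmds = [f'netsh interface ip set address name="{adapter_name}" static {target}']
    dns = [d for d in re.split(r"[ ,]+", vals.get("NameServer", "")) if d]
    for i, d in enumerate(dns):                          # first server via set, rest via add
        verb, arg = ("set dns", f"static {d}") if i == 0 else ("add dns", d)
        cmds.append(f'netsh interface ip {verb} name="{adapter_name}" {arg}')
    return cmds

if __name__ == "__main__":
    for guid, vals in static_interfaces(parse_interfaces_reg(SAMPLE_REG)).items():
        print(f"# original interface {guid}")
        print("\n".join(netsh_commands("Local Area Connection 2", vals)))
```

Run the printed commands inside the restored guest against the new connection's name; a domain controller will usually point NameServer at itself, which is why the DNS line above reuses the machine's own address.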
Check the original DHCP settings

Verify that the scope makes sense and is active before you restore any client systems.
Suspend the Controller Machine

The domain must be up when the client joins it, so suspend this VM rather than shutting it down while you build
the client. Don't count on suspending to free host RAM for the next machine; plan for every VM you will run at
once. Three machines with 2 GB is about the maximum.
Create a new client virtual machine

• Duplicate the process used during the controller restore
• When you get to the drive type, select IDE rather than
  SCSI (IDE is the default here because the guest type is a
  client machine)
Resume the Domain Controller and start the XP Pro Client
Login and Add to Domain
Encase/FTK/etc… Images

• You can use Encase, FTK, Linux, Winhex
  or any other program that can restore
  images to a physical drive in VMWare.
Forensic Issues

• Yes, the data is changed, but only in the virtual world (the
  restored virtual disk), not in the original images; verify the
  original image hashes after the exercise
• No, you can't see unallocated space when fishing through the
  virtual world (it's not a forensic exam anyway)
• Yes, hashes on specific files will match between the images
  and the virtual world (for files the running guest has not
  touched)
• This process can be used to test viruses, Trojans, worms, and
  other actions on a suspect system (for example to disprove a
  suspect's claim that a virus was responsible)
Contenu connexe

Tendances

Server Virtualization using Hyper-V
Server Virtualization using Hyper-VServer Virtualization using Hyper-V
Server Virtualization using Hyper-VMd Yousup Faruqu
 
Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02gameaxt
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technologysanjoysanyal
 
Virtual Infrastructure Overview
Virtual Infrastructure OverviewVirtual Infrastructure Overview
Virtual Infrastructure Overviewvalerian_ceaus
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentationaleyeldean
 
Virtual Machines - Virtual Box
Virtual Machines  - Virtual BoxVirtual Machines  - Virtual Box
Virtual Machines - Virtual BoxLahiru Danushka
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
 
Virtual machines and containers
Virtual machines and containersVirtual machines and containers
Virtual machines and containersPatrick Pierson
 
VMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationVMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationRabbah Adel Ammar
 
VDI/ VMware Horizon View
VDI/ VMware Horizon ViewVDI/ VMware Horizon View
VDI/ VMware Horizon ViewSumeraHangi
 
Xen Hypervisor.pptx
Xen Hypervisor.pptxXen Hypervisor.pptx
Xen Hypervisor.pptxRiyaBatool
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
 
Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Stefano Stabellini
 

Tendances (20)

Server Virtualization using Hyper-V
Server Virtualization using Hyper-VServer Virtualization using Hyper-V
Server Virtualization using Hyper-V
 
Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02Microsoft Offical Course 20410C_02
Microsoft Offical Course 20410C_02
 
Linux introduction
Linux introductionLinux introduction
Linux introduction
 
Wsus best practices
Wsus best practicesWsus best practices
Wsus best practices
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technology
 
Virtual Infrastructure Overview
Virtual Infrastructure OverviewVirtual Infrastructure Overview
Virtual Infrastructure Overview
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
 
Windows server2016 presentation
Windows server2016 presentation Windows server2016 presentation
Windows server2016 presentation
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
 
Virtual Machines - Virtual Box
Virtual Machines  - Virtual BoxVirtual Machines  - Virtual Box
Virtual Machines - Virtual Box
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
 
Virtual Machine
Virtual MachineVirtual Machine
Virtual Machine
 
Virtual machines and containers
Virtual machines and containersVirtual machines and containers
Virtual machines and containers
 
VMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project PresentationVMware Vsphere Graduation Project Presentation
VMware Vsphere Graduation Project Presentation
 
VDI/ VMware Horizon View
VDI/ VMware Horizon ViewVDI/ VMware Horizon View
VDI/ VMware Horizon View
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is Virtualization
 
Xen Hypervisor.pptx
Xen Hypervisor.pptxXen Hypervisor.pptx
Xen Hypervisor.pptx
 
VMware Presentation
VMware PresentationVMware Presentation
VMware Presentation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022
 

Similaire à how to install VMware

Virtualization technology "comparison vmware 9 vs virtualbox 4.2"
Virtualization  technology "comparison vmware 9 vs virtualbox 4.2"Virtualization  technology "comparison vmware 9 vs virtualbox 4.2"
Virtualization technology "comparison vmware 9 vs virtualbox 4.2"Lagendary Sheeva
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanchinitooo
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanchinitooo
 
Tech X Virtualization Tips
Tech X Virtualization TipsTech X Virtualization Tips
Tech X Virtualization TipsYoussef EL HADJ
 
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2John Heaton
 
Practical Implementation of Virtual Machine
Practical Implementation of Virtual MachinePractical Implementation of Virtual Machine
Practical Implementation of Virtual MachineRubal Sagwal
 
RHEL5 XEN HandOnTraining_v0.4.pdf
RHEL5 XEN HandOnTraining_v0.4.pdfRHEL5 XEN HandOnTraining_v0.4.pdf
RHEL5 XEN HandOnTraining_v0.4.pdfPaul Yang
 
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告fm2008
 
Sdwest2008 V101 F Dpowerpoint Final
Sdwest2008 V101 F Dpowerpoint FinalSdwest2008 V101 F Dpowerpoint Final
Sdwest2008 V101 F Dpowerpoint FinalStephen Rose
 
Azure Virtual Machines cloud computing in btech cse
Azure Virtual Machines cloud computing in btech cseAzure Virtual Machines cloud computing in btech cse
Azure Virtual Machines cloud computing in btech csemdanasiul
 
Virtualization
VirtualizationVirtualization
VirtualizationYansi Keim
 
4. install and configure hyper v
4. install and configure hyper v4. install and configure hyper v
4. install and configure hyper vHameda Hurmat
 
Xen Virtualization 2008
Xen Virtualization 2008Xen Virtualization 2008
Xen Virtualization 2008mwlang88
 
How to Create a Windows Server 2008 Virtual Lab Using VirtualBox
How to Create a Windows Server 2008 Virtual Lab Using VirtualBoxHow to Create a Windows Server 2008 Virtual Lab Using VirtualBox
How to Create a Windows Server 2008 Virtual Lab Using VirtualBoxRusty Painter
 
NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)Ryo ONODERA
 
Virtualization workshop - part 1
Virtualization workshop - part 1Virtualization workshop - part 1
Virtualization workshop - part 1Davide Pelosi
 

Similaire à how to install VMware (20)

Netezza All labs
Netezza All labsNetezza All labs
Netezza All labs
 
Virtualization technology "comparison vmware 9 vs virtualbox 4.2"
Virtualization  technology "comparison vmware 9 vs virtualbox 4.2"Virtualization  technology "comparison vmware 9 vs virtualbox 4.2"
Virtualization technology "comparison vmware 9 vs virtualbox 4.2"
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
 
Tech X Virtualization Tips
Tech X Virtualization TipsTech X Virtualization Tips
Tech X Virtualization Tips
 
VM.ppt
VM.pptVM.ppt
VM.ppt
 
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2
Virtualization VM VirtualBox + Oracle Enterprise Linux With Oracle 11GR2
 
Practical Implementation of Virtual Machine
Practical Implementation of Virtual MachinePractical Implementation of Virtual Machine
Practical Implementation of Virtual Machine
 
RHEL5 XEN HandOnTraining_v0.4.pdf
RHEL5 XEN HandOnTraining_v0.4.pdfRHEL5 XEN HandOnTraining_v0.4.pdf
RHEL5 XEN HandOnTraining_v0.4.pdf
 
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告
Aix5[1].3+hacmp+oracle9 i+weblogic8.1安装实施报告
 
Sdwest2008 V101 F Dpowerpoint Final
Sdwest2008 V101 F Dpowerpoint FinalSdwest2008 V101 F Dpowerpoint Final
Sdwest2008 V101 F Dpowerpoint Final
 
Azure Virtual Machines cloud computing in btech cse
Azure Virtual Machines cloud computing in btech cseAzure Virtual Machines cloud computing in btech cse
Azure Virtual Machines cloud computing in btech cse
 
Virtualization
VirtualizationVirtualization
Virtualization
 
4. install and configure hyper v
4. install and configure hyper v4. install and configure hyper v
4. install and configure hyper v
 
Ws90 using
Ws90 usingWs90 using
Ws90 using
 
Xen Virtualization 2008
Xen Virtualization 2008Xen Virtualization 2008
Xen Virtualization 2008
 
How to Create a Windows Server 2008 Virtual Lab Using VirtualBox
How to Create a Windows Server 2008 Virtual Lab Using VirtualBoxHow to Create a Windows Server 2008 Virtual Lab Using VirtualBox
How to Create a Windows Server 2008 Virtual Lab Using VirtualBox
 
NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)NetBSD on Google Compute Engine (en)
NetBSD on Google Compute Engine (en)
 
Howto Pxeboot
Howto PxebootHowto Pxeboot
Howto Pxeboot
 
Virtualization workshop - part 1
Virtualization workshop - part 1Virtualization workshop - part 1
Virtualization workshop - part 1
 

Dernier

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Dernier (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

how to install VMware

Slide 1. Restoring Suspect Physical and Compressed Images with VMWare
Brett Shavers, Computer Technology Investigators Network

Slide 2. Topics:
• VMWare Brief
• Capabilities of VMWare
• VMWare Installation
• Guest Operating Systems
• VMWare Networking
• Restoration of forensic images into VMWare

Slide 3. What is VMware?
• VMWare is application software that provides a virtual computer on which you can install another operating system
• The virtual computer or virtual machine (VM) runs as if it were a real operating system on a real computer with real devices
• The VM has its own CPU, memory, hard disks, and other I/O devices

Slide 4. Virtual Hardware
• CPU = Host CPU
• Chipset = Intel 440BX-based motherboard with NS338 SIO chip and 82093AA IOAPIC
• BIOS = PhoenixBIOS 4.0 Release 6 with VESA BIOS
• RAM = Host’s RAM
• IDE Devices = Up to 4; Virtual HD up to 950 GB; can also use real disks (2 TB limit)
• SCSI Devices = Up to 7
• NIC = AMD PCnet-PCI II compatible

Slide 5. VMware Workstation Terminology
• Host operating system is the one that runs VMware Workstation
• Guest operating system is the virtual OS
• The host OS can be either NT-based Windows or Linux (RedHat, Mandrake, SuSE)
• The guest OS can be DOS, every flavor of Windows, Linux, BSD or any other OS that runs on an x86 platform

Slide 6. Forensic Uses of VMware
• VM Workstation allows you to restore a suspect’s hard drive into a VM
• You can work with the suspect’s OS and its installed applications, some of which may be involved in the alleged crime
• You can network two VMs, one a suspect client and the other a suspect server
• You can also mount a suspect’s restored hard drive as a physical or “raw” disk
• You can easily drag and drop files from the VM to your host computer

Slide 7. Some VM Tips
• VMWare can boot ISO images
• Snapshots can be taken (up to 100 per VM World)
• Videos can be taken using VMWare Tools
• You can drag and drop between the host and the virtual OS easily
Slide 8. Installing VMware Workstation
• Meet the minimum requirements for the host:

Component               Minimum                          Recommended
CPU                     400 MHz                          500 MHz +
Memory                  128 MB                           256 MB +
Display                 VGA                              SVGA +
Hard Disk (install)     100 MB free                      100 MB
Hard Disk (for guests)  Whatever guest requires + apps   Whatever guest recommends + apps
Host OS                 Windows 2003, Windows XP Home and Pro (SP1), Windows 2000 (SP3), Windows NT (SP6A)

Continued …

Slide 9. Installing VMware Workstation
• Optional components include:
• Floppy Disk
• Ethernet adapter for the host
• CD-ROM
• USB port
• Other hard disks

Slide 10. Installing a Guest OS
• Have the installation media available, typically a CD
• Start VM Workstation and select File, New Virtual Machine
• A wizard begins …

Slide 18. Installing a Guest OS
• Once the guest has been configured, you need to start the OS, but before you do …
• Make sure the installation media for the guest is in the CD-ROM drive or floppy drive of the host
• As soon as the machine starts, you need to click in the window and press F2 to get into the guest CMOS setup program
• Once there, you’ll need to configure the system to boot from the CD-ROM or floppy

Slide 25. Summary
• VMware Workstation allows you to install a guest OS in a virtual machine
• The guest OS can interact with the host and utilize the host’s CPU, RAM, CD-ROM, keyboard, mouse, floppy disk, and network card
• The host can be practically any NT-based host or Linux host, and the guest can be any Windows OS, Linux, Novell, FreeBSD and more
• VMware Workstation provides significant forensic-related capabilities
Slide 26. Restore of network and client systems
ILook will be demonstrated, but EnCase, FTK, WinHex, etc. can be used as long as the tool can restore whatever image format you have. You can also use physical hard drives directly. EnCase has directions on restoration into VMWare on their website. Using a boot disk of any sort is half the work of using FTK or EnCase for restores.

Slide 27. Restore Using I-Look
• Scenario with a WIN2003 domain controller and an XP Pro client
• Before restoring, set up a VMware instance with the VMware DHCP service disabled
• Restore the Domain Controller first

Slide 29. Create the Domain Controller
You have to know the OS of the image to be restored. Use the same version, because VMware emulates hardware for each OS. BUT, XP may be able to handle all the other Windows OSs. It’ll still boot to the actual OS, but there may be subtle differences in emulation. Stay with the actual OS.

Slide 30. Name and Allocate Resources
Name it what you like. If you will be doing multiple restorations of the same image, then you can use dates, LFN, OS, etc. Set the location to a new folder that you can manage. For network restorations, keep the whole LAN in one folder, otherwise you will lose track. You may have to adjust memory later; the more machines, the more memory needed. Make sure your folder can hold everything you need (if all images total 100 GB, you need at least that much to restore, as the images expand to their original size).

Slide 31. Define Network Type
Only use host-only networking, to contain the threat that the restored network system could pose when interacting with the ‘real’ network environment you are connected to. For forensic restorations, make sure you don’t choose a connection that goes outside! (Bridged and NAT go outside; the other two are safe.) For network restorations, choose HOST ONLY NETWORKING. This allows clients in the virtual world to talk to each other. If you select either of the first two and the images contain a virus, you have just exposed your network to that virus.
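The network choice from the wizard ends up as an ethernetN.connectionType key in the VM's .vmx file, so it can be checked before a restored suspect machine is ever powered on. The pre-flight check below is an added example, not VMware's tooling or the presenter's; the .vmx text is a constructed sample (the weak bridged setting beside the corrected host-only one), and treating an adapter with no connectionType key as bridged is an assumption.

```python
"""Pre-flight check of a VMware Workstation .vmx before booting a restored suspect
image: flag any virtual NIC whose connection type reaches the real network."""
import re

# connectionType values the Workstation wizard writes for a virtual NIC
OUTSIDE = {"bridged", "nat"}      # traffic leaves the host (the two the slides warn against)
CONTAINED = {"hostonly"}          # guests talk only to each other and the host
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vmx(text):
    """Parse 'key = "value"' lines into a dict with lower-cased keys."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2).strip()
    return cfg

def network_findings(cfg):
    """Return (adapter, connectionType, verdict) for every NIC marked present."""
    findings = []
    for key, val in sorted(cfg.items()):
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and val.upper() == "TRUE":
            nic = m.group(1)
            # Assumption: an adapter with no connectionType key behaves as bridged.
            ctype = cfg.get(nic + ".connectiontype", "bridged").lower()
            verdict = ("EXPOSED" if ctype in OUTSIDE else
                       "contained" if ctype in CONTAINED else "review")  # e.g. custom VMnet
            findings.append((nic, ctype, verdict))
    return findings

def safe_to_boot(cfg):
    """True only when every present NIC is host-only (no NIC at all is also fine)."""
    return all(v == "contained" for _, _, v in network_findings(cfg))

# Constructed sample: the weak setting from the wizard, then the corrected one.
WEAK_VMX = """\
displayName = "Suspect DC (constructed sample)"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = "vlance"
ide0:0.present = "TRUE"
ide0:0.fileName = "suspect-dc.vmdk"
"""
FIXED_VMX = WEAK_VMX.replace('"bridged"', '"hostonly"')
```

Run it against the .vmx of every machine in the restored LAN folder before resuming the domain controller; a single bridged or NAT adapter on any of them is enough to defeat the isolation.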
Slide 32. Defining the Bus
You will go through this process twice for each drive you are restoring, to identify the source and the destination.

Slide 33. Select the Source Disk
Choose the disk that contains the image files. It is possible to keep all images on one disk to be used for restorations.

Slide 34. VMware Establishes New Machine
VMware treats this as though it is a SCSI system even though it is really an IDE drive; don’t worry about this. It is a SCSI disk because VMware prefers SCSI disks for domain controller OSs. SCSI and IDE are just interfaces; the data will be the same, so there is no difference. 0:0 is the first SCSI disk on the first SCSI controller.

Slide 36. Define Drive Type and Allocate Space
Normally choose IDE. Make it the same size as the original hard drive, not the size of the image. Give it a GB of wiggle room. Then name the target drive.

Slide 38. Restore the Image Using the ILook ISO File
Put an ISO of ILook on your desktop and point to that. (Side note: you can make an ISO of a boot floppy and point to that as well, always booting to your clean boot, for example.)

Slide 39. Point to the CD and Start the Virtual I-Look Machine

Slide 41. Selecting the device to restore from

Slide 42. Continuing to select the image file

Slide 44. Restore in Process and Complete

Slide 47. Now remove the drive and reset the CD back to the actual physical machine device

Slide 49. Start the restored machine
Machine starting; you will get some service errors.

Slide 50. Start Up and Login

Slide 52. Check the virtual IP settings for the virtual network connections
You need to know what the original settings were to reconfigure this. Because of the restore, the restored image will revert to the Windows defaults, because a different NIC is being used (albeit a virtual one). Good to check before imaging if possible.

Slide 53. This appears as LAN2 (as if there was a LAN1 at some time). LAN1 was the original machine; when restored, LAN2 was created. Look at the Ethernet adapter and that will be different as well. Don’t worry about it; it has to be that way.

Slide 54. You can get the IP settings here in the registry

Slide 55. Input this info. Select ‘NO’.

Slide 56. Check the original DHCP settings
Verify that the scope makes sense and is active before you restore any client systems.

Slide 57. Suspend the Controller Machine
Because the domain must be working to install a client, just suspend this VM OS. Suspending a machine doesn’t free up RAM; it uses it just the same. 3 machines at 2 GB is about the max for RAM.

Slide 58. Create a new client virtual machine
• Duplicate the previous process used during the controller restore
• When you get to the drive type, select IDE rather than SCSI (IDE is the default setting since this is a client machine)

Slide 59. Resume the Domain Controller and start the XP Pro Client

Slide 60. Login and Add to Domain

Slide 61. EnCase/FTK/etc. Images
• You can use EnCase, FTK, Linux, WinHex or any other program that can restore images to a physical drive in VMWare.

Slide 62. Forensic Issues
• Yes, the data is changed (but only in the virtual world, not the original images)
• No, you can’t see unallocated space when fishing through the virtual world (it’s not a forensic exam anyway)
• Yes, hashes will match on specific files in both the images and the virtual world
• This process can be used to test viruses, Trojans, worms, and other actions on a suspect system (maybe to disprove a suspect’s allegations of a virus, etc.)

Slide 64. 5% off purchase
• If you want 5% off an online purchase, you can use my referral code:
• VMRC-BRESHA248