Python Forensics – Virtualization
Virtualization is the process of emulating IT systems, such as servers, workstations, networks, and storage. It creates a virtual, rather than actual, version of an operating system, server, storage device, or network process.
The main component that emulates the virtual hardware is called the hypervisor.
The following figure explains the two main types of system virtualization.
Virtualization has been used in various ways in computer forensics. It helps analysts by letting them start every investigation from a workstation in a verified state. In particular, data recovery is possible by attaching a dd image of a drive to a virtual machine as a secondary drive. The same virtual machine can then run recovery software to collect evidence.
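Before a dd image is attached as a secondary drive, and again after the session, an analyst will want to confirm that it still matches the copy taken at acquisition. The following check is an added example, not code from the original page; it assumes a SHA-256 digest was recorded at acquisition, and the function names are made up for the illustration.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load into RAM
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def image_sha256(path):
    """Return the SHA-256 hex digest of a raw (dd) image, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as image:
        for block in iter(lambda: image.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def check_image(path, acquisition_sha256):
    """Return a list of problems; an empty list means the image can be attached."""
    problems = []
    if os.stat(path).st_mode & WRITE_BITS:
        problems.append("image file is writable")
    if image_sha256(path) != acquisition_sha256.lower():
        problems.append("hash differs from acquisition record")
    return problems

def demo():
    """Constructed sample: a 3 MiB stand-in for a dd image, checked three times."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    with os.fdopen(fd, "wb") as image:
        image.write(b"\x00" * (3 * CHUNK))
    recorded = image_sha256(path)        # stands in for the acquisition hash
    writable = check_image(path, recorded)
    os.chmod(path, stat.S_IRUSR)         # 0400, as an evidence copy should be
    clean = check_image(path, recorded)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    with open(path, "r+b") as image:     # simulate a guest writing one byte
        image.write(b"\x01")
    os.chmod(path, stat.S_IRUSR)
    altered = check_image(path, recorded)
    os.remove(path)
    return writable, clean, altered

if __name__ == "__main__":
    print(demo())
```

The permission test only inspects the file's mode bits; attaching the image to the virtual machine as a read-only disk is a separate setting in the hypervisor.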
The following example shows the process of creating a virtual machine using the Python programming language.
Step 1 – Name the virtual machine “dummy1”.
Each virtual machine must have a minimum memory capacity of 512 MB, expressed in bytes.
vm_memory = 512 * 1024 * 1024
Step 2 – The virtual machine must be connected to the pre-computed default cluster.
vm_cluster = api.clusters.get(name = "Default")
Step 3 – The virtual machine must be booted from the virtual hard drive.
vm_os = params.OperatingSystem(boot = [params.Boot(dev = "hd")])
Before adding the virtual machine using the vms collection’s add method, all options must be grouped into a virtual machine parameter object.
Example
Below is the complete Python script for adding a virtual machine.
from ovirtsdk.api import API  # oVirt SDK entry point
from ovirtsdk.xml import params  # parameter objects for API requests

try:
    # API credentials are required to manage virtual machines.
    # These are sample values; supply real credentials at run time
    # rather than hard-coding them in the script.
    api = API(url = "https://HOST",
              username = "Radhika",
              password = "a@123",
              ca_file = "ca.crt")

    vm_name = "dummy1"
    vm_memory = 512 * 1024 * 1024  # memory size in bytes (512 MB)
    vm_cluster = api.clusters.get(name = "Default")
    vm_template = api.templates.get(name = "Blank")

    # boot the virtual machine from its virtual hard drive
    vm_os = params.OperatingSystem(boot = [params.Boot(dev = "hd")])

    # group all options into one virtual machine parameter object
    vm_params = params.VM(name = vm_name,
                          memory = vm_memory,
                          cluster = vm_cluster,
                          template = vm_template,
                          os = vm_os)

    try:
        api.vms.add(vm = vm_params)
        print("Virtual machine '%s' added." % vm_name)  # printed on success
    except Exception as ex:
        print("Adding virtual machine '%s' failed: %s" % (vm_name, ex))

    api.disconnect()

except Exception as ex:
    print("Unexpected error: %s" % ex)
Output
Our code will produce the following output —