Module 10 | Virtual Machine & Network Forensics | Live Acquisition Techniques | Chapter 10

Jun 19, 2025
4:52

💻 How do investigators extract critical evidence from a system that can’t be shut down? In this episode, based on Chapter 10 of the Guide to Computer Forensics and Investigations (6th Edition), we explore the tools, challenges, and workflows behind virtual machine forensics, live acquisitions, and network forensics—must-have skills for today’s digital forensic professionals.

🔍 What You’ll Learn:
1:04 - The difference between Type 1 and Type 2 hypervisors
1:24 - How to collect evidence from virtual environments (VMware, VirtualBox, etc.)
2:01 - Best practices for live forensic acquisitions and the order of volatility
2:14 - Tools like FTK Imager, Memoryze, RAM Capturer, DumpIt, tcpdump, Wireshark, and Splunk
2:51 - How to detect and investigate lateral movement, MAC spoofing, and ARP poisoning
3:45 - The role of the Honeynet Project and honeypots in real-world attack analysis

🎓 Perfect for students in BCIS 4320, and for professionals pursuing roles in digital forensics, incident response, cybersecurity auditing, and network defense.

📘 Textbook Reference: Nelson, Phillips, Steuart, and Wilson (2025). Guide to Computer Forensics and Investigations, 7th Edition. https://www.cengage.com/c/guide-to-computer-forensics-and-investigations-7e-nelson-phillips-steuart-hua/9780357672884/

🎧 Check out the full podcast series: https://www.youtube.com/playlist?list=PLRU5YMNncPaqN14zaj_InWi8R8w9qhjTt

🛎️ Like, share, and subscribe for future episodes—and don’t forget to comment: What’s your favorite forensic tool for live or network investigations?

Dr. Joseph H. Schuessler, PhD
Full Professor of Computer Information Systems | Dr. Sam Pack College of Business
Quality Matters Master Reviewer & ACUE Advanced Certified in Effective Teaching

AI Production Disclosure: This content was developed through a collaborative workflow between human expertise and artificial intelligence. Gemini, NotebookLM, and other AI tools were utilized in the development, research synthesis, and production of this video and podcast episode to ensure technical accuracy and educational clarity.
