For an.Short answer that glosses over the details VMware will usually provide a unique MAC address for a VM on a network.Example: in our Network we scan and found one of the vm machine Kali Linux is install. And also get Mac address and ip address of that machine. It is easier to do it using the VMWare PowerCLI that allows youy to search by different virtual machine parameters. Run the PowerCLI console and connect to your vCenter server or ESXi host using the following command: Connect-VIServer vcenter-hq.woshub.com -User administrator. To find a virtual machine by its MAC address, use these commands:Replace vmhostname with a VM host name of your choice, and configure the network settings as required.
Change My Address For My Virtual Hine Vmware Player Windows 7 Home BasicBrowser for each test installed Microsoft Internet Explorer (IE), Mozilla Firefox (FF), Apple Safari (AS) and Google Chrome (GC).Dropbox Windows client software (version 1.2.52) was downloaded and installed. Windows 7 Home Basic SP1, 1 GB RAM, 20 GB hard disk drive. We want to identify physical machine where this vm machine was installed.To manually assign an address, edit the config file for the VM You can install Mac OS X, OS X, or macOS in a virtual machine. Note: The objective here is to install VMplayer on your real machine Installation. 1).XX must be a valid hexadecimal number between 00h and 3Fh, and YY and ZZ must be valid hexadecimal numbers between 00h and FFhThis is how it's done with Server, Workstation, and GSX (and I presume Fusion) The basics are the same for ESX, but what mac addresses you can use are different.For more, search the VMware knowledge base for the articles"Setting a static MAC address for a virtual NIC", "Changing the MAC Address of a virtual Machine" and other articles with "MAC Address" in their title. In circumstances where this a changing mac address is a problem, you can manually set one.1.Firstly, to reduce the storage space required for the many virtual devices and forensic images created during the experiments. Each file was downloaded to the VM Hard Drive Desktop and opened.Using each copy of the Download-VMs, the Dropbox and Enron files were erased using Eraser software.Using each copy of the Eraser-VMs, CCleaner was downloaded, installed, and run with default options.The base systems were set up with small amounts of memory and hard drive space for a variety of reasons. Each file stored in the Dropbox account storage was opened but was not purposely downloaded.Browser used to access the Dropbox web site at and sign in to the user test account. VMs created for this research. Analysis was undertaken to compare the base (control) image files to subsequent image files to determine the changes made, and it was possible to observe the changes to registry files and file systems.Figure 4.1. The first experiments were redone without Process Monitor running, and analysis was then conducted. However, this resulted in the forensic images and memory captures being tainted with a large amount of data: on both the memory captures and hard drive images. MD5 values were calculated for these files and key terms were selected to enable searching and location of the data and files in subsequent analysis.In the first series of experiments, SysInternals Process Monitor v3.03 (previously Filemon and Regmon) was used to monitor system changes in the VMs ( Russinovich & Cogswell, 2012). Sign-in was undertaken with the client software and the Enron sample files were copied to the User Desktop of the VM hard drive from the host PC and then were uploaded to the Dropbox account. While the creation of an account may leave data residue, this was not part of the testing protocol, which in this case is to test the process of uploading data to an existing account. Previously, a Dropbox account was created for this research on a separate computer. These four VMs were labeled IE, FF, AS, or GC Upload-VM and were then used to access the Dropbox web site and download and install the Dropbox client software (version 1.2.52). 2.Next was to make a copy of the Base-VM for each browser. 16421IC, Apple Safari (AS) 5.1.7 for Windows 7, and Google Chrome (GC). The sign-in option was used to log in to the research user account. These were used to access the Dropbox web site using each installed browser. 4.Additional copies of the Base-VM for each browser were made, labeled Access-VM. These were used to uninstall the Dropbox client software using the option in the Start Menu folder. 3.Copies of the Upload-VMs for each browser were made, labeled Uninstall-VM. The location of the files on the Desktop was known, and so any other copies or remnants of the files observed during analysis would be the result of the client software interaction. The USDoD 5220.22-M setting was used to erase the data. Eraser was then used to erase each of the Enron data files and the Dropbox sample files from the Desktop. Eraser 5.8.8 was installed with the default settings. 6.Copies were made of the Download-VMs, labeled Eraser-VM. The contents of the zip file were extracted to the Desktop and then each file was opened and closed. All of the files in the Dropbox cloud storage account were downloaded to the Desktop of the VM hard drive as a compressed zip file. In this case, the use of eraser to erase the files on the desktop and the downloaded files. The Eraser-VMs were used to simulate the process of a user undertaken a variety of anti-forensic processes which build upon each other. CCleaner v was installed and run across the VM hard drives to remove the browsing history and file references in relation to the use of Dropbox and the presence of the Enron files. 7.Copies were made of the Eraser-VMs, labeled CCleaner-VM. Matlab 2015 b file license for macNew Virtual Machine Options 11.The virtual machine should be created and booted using the Kali Linux ISO as the boot disk. The network capture files were saved at various points while the VMs were running, and after shutdown.Figure 1.13. The 28 VMEM files were copied while the VM was running, just prior to shutdown. Memory capture was facilitated by copying the Virtual Memory (VMEM) files created by VMWare. This experiment was not undertaken to test the capability of either Eraser or CCleaner, but to assess each step of a user undertaking anti-forensic methodology to remove data, commencing with erasing known files, then removing other information such as browsing history.While preparing each VM, Wireshark 1.6.5 was run on the host computer to capture network traffic from the VM network interface. 16.When prompted, enter a hostname such as “Kali-Class” and press enter. 15.Select the appropriate keyboard layout and press enter.Kali Linux will now load additional components necessary to continue the installation. 14.Select the appropriate location and press enter. 23.Use the “All files in one partition” option for your partitioning scheme. 22.Select the default disk by pressing enter. 21.Partition the disk using the “Guided - use entire disk” option. 20.Select the appropriate time zone and press enter. 19.Confirm the password and press enter. 18.Enter a root password for your Kali Linux installation and press enter. Two of these can be installed through APT using the following command in the console:When that installation is complete, we’ll need to install another package using a more manual installation method. To do this, first open a console or terminal window.In the console, run the following two commands:It may take some time to download and install all of the updated packages.Next, we’re going to install a couple of additional packages that we’ll need. This should always start by ensuring that the Kali Linux distribution is completely up-to-date. Now we need to go through some additional setup steps to configure the lab environment. 33.Once complete, you should click the “I Finished Installing” button in the message bar floating at the bottom of the console.The Kali Linux virtual machine should now be installed and configured. 25.Click Other to enter the username “root.” 32.Enter your root password and press enter or click Log In. Change to the home directory for root by simply entering the cd command.If you are using the i386 Kali Linux distribution, run the following command:If you are running the AMD64 distribution, run the following command:This will download the appropriate installer for VirtualBox into your image.
0 Comments
Leave a Reply. |
AuthorNancy ArchivesCategories |