common virtualisation

other files to look for, vmx, vmc, pvs,

imaging software produces gho, sv2i, tlb, spf which could also be used as virtual machines when converted using VMware Converter.

Thanks again.

>>And are they "visible", i.e. if I wanted to identify a list of virtual machines on a windows 7 machine, is it as easy as searching on file extensions in certain areas of the disk (can anyone provide a list of file extentions and default locations for the more common virtualisation tools?) If they arent visible via a file extension search - how can you locate any virtual machines on a windows PC?

Why would anyone run a host of virtual machines on a home PC? I can see the logic for businesses for virtual systems on servers - but not to sure the use of them on a traditional desktop or laptop device? Any clue?

Yes, they are visible to the OS, if you logged on and searched for them. They could be stored anywhere, where ever someone has stored them, providing you have permissions to see them.

Yes, file extensions are

*.vmdk
*.vmx
*.vmc
*.vhd
*.pvs
*.vdi

Default locations for the virtual machines would also be very interesting if you could assist?
And a view as to why a virtual machine would ever be stored outside the default locations?

Do those extensions cover all virtualisation providers, or just vmware?

1.Research and Development.
2. Sandbox
3. Application compatibility.
4. Device compatibility. (you may have a printer that has XP drivers only) but your host OS is Windows 7.

In our offices, we download all software from the Internet into Virtual Machines, we do not download software from the Internet direct to our Workstations, I'm typing to you in a VM.

This protects are real machines from threats. If we have an issue we just destroy the VM.

Default locations  could be anywhere, the users wants them to be.....

usually in the users documents!

The extensions cover the common ones, Microsoft, VMware, Parallels, Oracle,  I'm sure there are probably more Hypervisor products.

We store our VMs, outside of the default location on removable USB Hard drives, so there are portable!

Windows 8.0 will include a cut down version of Hyper-V, and Windows 7 already includes XP Mode, Virtual PC, so users can run a virtual PC of Windows XP, for compatibility issues, if you have any with software and Windows 7.

Thanks for your help once again.

One concept I am struggling to grasp.

If you have say a word document inside a virtual machine, and you search for it outside the virtual machine, would the search find it.

Say I just right click my C (physical drive) and run a search - does the fact the word document is inside the virtual drive mean my search will appear that is doesnt exist. The only way it would show up - would be if the virtual machine was mounted, and you run a search inside the virtual machine for the document?


Hope that question makes some sense. Virtualisation is a bit much for me at the minute.

There can be many reasons why you install virtualization software on you home PC. First of all it is better to install programs over your virtual PC. For example some security penetration test tools require you don't have antivirus software not installed.. Or you want to keep your computer clean and mess up with your virtual machines. Another reason is just experimenting. You might like to check out other OS's such as Linux or Solaris x8a and you don't have a spare machine. Yet another reason is some software comes embedded as a distro and the only way to check them out is to install them on a separate system or on a virtual system. As Home PC's are more capable with loads of memory and several cores.

There's nothing wrong with this.

Cheers,
K.

No, the host machine cannot see inside virtual machine container disks.

just like if you encrypted a word document inside a zip file. (twice zipped)

Correct, the virtual machine disk must be mounted, or you search inside the virtual machine.

So its essentially a PC within a PC -with its own seperate storage and OS.

I still cant quite get my head around why people say its a clever way of hiding data.

Perhaps its if its unounted you cant see the contents - similar to an encrypted file container. If both are unmounted you cant see the contents? And to mount requires a password of some sort?

If I took a replica of a virtual machine though using a forensics tool. How is that any different to imaging a physical disk? If I take a replica of a physicla disk that isnt encrypted - I can just see all the files, OS files user data etc plain text as though I was logged on. How is that different to if I ccopied a virtual machine? Is it all non human readable formats until its mounted? Would you have to mount it and then take a copy of the machine while its "up and running?"

That is Correct, a PC with a PC.

Anyone with any basic knowlege can get at the data!

No password required to mount they are not encrypted.

if you want to hide data encrypt a zip file 20 times!

or use hardware encryption on the latest flashdrives, or use truecrypt!

its no different.

virtual machine disks are not encrypted!

technically you can take any image of a PC, convert to virtual machine, and vice versa, with minor changes and boot OS!

But you could technically encrypt the contents of a VM machine, if you ran an encryption tool within it, so although not by default, just as you can encrypt a physical disk, you can run a 3rd party tool to encrypt a virtual disk and all its data?

I assume though with a virtual machine, if you wanted to access the data "live" as opposed to post mortem in a forensics tool, you still go through an OS type authentication to gain access to the system? I.e. the OS within the virtual machine?

How can you use a boot disk on a virtual machine - this will really confuse me :)

If we slip a boot disc with an alternate light OS like knoppix  in my PC it bypasses the OS authentication , I cant grasp how that would work with a virtual system?

Yes, you can run encryption, OS based or third party, thats no different to a physical server or workstation.

Virtual systems would work in the same way booting off a floppy disk image or the real device, same with cdrom, image or real.

There is not really any difference between the physical and virtual.

there is no need to go through the virtual, its just a file, so you can open with many tools.

e.g. Winimage

no need to boot, mount, login etc

overrides all security!

Perhaps im not getting the concept, in that you can only have one virtual open on one machine at a time, thus that one machine is utilising the CD drive, thus thats how you can boot from the DVD OS and bypass the virtual machine authentication process.

Sorry for all the questions still struggling with some aspects

Ah so if you wanted a copy of all files within a virtual disk - all youd need would be something like winimage - and then when its open take a copy of the files from there.

With a virtual machine, you can assign it a real CDROM drive, or attach an image.

But only ONE device can access at a time.

Yes, just use Winimage!