Shropshire, JordanBenton, Ryan2020-01-042020-01-042020-01-07978-0-9981331-3-3http://hdl.handle.net/10125/64525Cloud-hosted software such as virtual machines and containers are notoriously difficult to access, observe, and inspect during ongoing security events. This research describes a new, out-of-band forensic tool for rapidly analyzing cloud based software. The proposed tool renders two-dimensional visualizations of container contents and virtual machine disk images. The visualizations can be used to identify container / VM contents, pinpoint instances of embedded malware, and find modified code. The proposed new forensic tool is compared against other forensic tools in a double-blind experiment. The results confirm the utility of the proposed tool. Implications and future research directions are also described.10 pagesengAttribution-NonCommercial-NoDerivatives 4.0 InternationalCybersecurity Investigations and Digital Forensicscloudcontainerdigital forensicsvirtual machineContainer and VM Visualization for Rapid Forensic AnalysisConference Paper10.24251/HICSS.2020.783