To Reproduce The Indirect Simulation Of The Virtual Machine-based Computer Operating Environment

With developing of computer,we couldn't leave computer in our learning,living and work. At the same time, someone use computer as a tool of criminal activities. Computer security has seriously endanger social stability and development. In the criminal computer, there is a lot of data. How can we find them and put it to the court is in our research.In this paper, the reconstruction of computer operating environment base on virtual machine indirectly simulation, are part of computer offline simulation of the other computer system. Offline simulation include virtual machine directly simulation and virtual machine indirectly simulation. In the virtual machine, direct simulation will made a computer hard disk into an image file. The image file is a hard disk in the virtual machine. When a computer runs virtual machine, the virtual machine can reproduce the system environment. If the criminal computer hard disk can't run in the virtual machine, or the criminal computer may have bad driver and bad service modules, we should work in virtual machine indirectly simulation.Virtual machine indirectly simulation will put the image file as a slavery disk in the virtual machine, because it has a master disk. When the system runs from the master disk, it will access applications and documents from the slavery disk. In the paper, I study the windows operating system, find the implementation of user profiles, the way to run program, and the parts of driver. In the last chapter, I program the tools used in the virtual machine indirectly simulation system.In Windows XP, Windows2000 and Windows2003 operating system, I have achieved the simulation. The user's profile can be easily changed to others. The majority of applications can run normally. The driver information can be listed, and driver file can be exactly located. The reconstruction of computer operating environment base on virtual machine indirectly simulation, can be useful to the computer forensics. The electronic evidence and the clues are intuitive and important.