DISPOSABLE VIRTUAL MACHINES: CRIMINALISTIC CHALLENGES IN THE ACTIVITIES OF LAW ENFORCEMENT AGENCIES
Rubrics: LAW
Authors:
1.
Kikotya Moscow University of the Ministry of Internal Affairs
2.
Moscow Academy of the Investigative Committee named after A. Ya. Sukharev
3.
Kikotya Moscow University of the Ministry of Internal Affairs
Type:
Article
Pages:
from 154
to 159
Status:
Published
Received:
19.04.2026
Accepted:
20.04.2026
Published:
20.04.2026
Subject area:
UDC 34
Language:
Russian
Keywords:
disposable virtual machines, digital forensics, RAM, hypervisor
Abstract:
The research is devoted to the problems of digital forensics — the investigation of crimes using Disposable virtual machines. Based on the analysis of Windows Sandbox and Qubes OS DispVM technologies, the forensic risks of losing evidence due to the ephemerality of data have been identified. Tactical and methodological recommendations for investigators and experts have been developed, including algorithms for removing RAM, analyzing hypervisor artifacts, and procedural models for recording evidence.
The research is devoted to the problems of digital forensics — the investigation of crimes using Disposable virtual machines. Based on the analysis of Windows Sandbox and Qubes OS DispVM technologies, the forensic risks of losing evidence due to the ephemerality of data have been identified. Tactical and methodological recommendations for investigators and experts have been developed, including algorithms for removing RAM, analyzing hypervisor artifacts, and procedural models for recording evidence.
Keywords:
disposable virtual machines, digital forensics, RAM, hypervisor
disposable virtual machines, digital forensics, RAM, hypervisor
1. Qubes OS Disposable Virtual Machines // URL: https://www.qubes-os.org/doc/how-to-use-disposables/
2. Evaluation of the use of virtualization in complex cybercrimes // URL: https://www.europol.europa.eu/
3. Botnet deployment via cloud VMs: Analysis of cybercrime infrastructure // URL: https://www.kaspersky.com/botnet-monitoring-and-data-feeds
