Search for traces of the use of the Oracle VM Virtualbox virtual machine for the presence of forensically significant information

The paper considers what traces the Oracle VM VirtualBox virtual machine leaves on the computer.. Oracle VM VirtualBox is a program that allows you to run several operating systems on one computer at the same time, for example: Windows, Linux and others. The study led to come to the conclusion that the analysis of virtual machines contributes of the program, as well as studying the contents of files created by the virtual machine. Registry files and system directories were analyzed using “Windows Registry Recovery” and “WinPrefetchView” software to identify traces of loading and starting Oracle VM VirtualBox. The contents of the virtual machine files, such as *.vbox and *.vdi, were analyzed to search for forensically significant information using the WinHex and 7-File File Manager programs. The study of these files showed that they store information about the operating system, the date and time the virtual machine was created, the MAC address, as well as system and user files such as documents, images, videos, and others.