Investigation Methodology of a Virtual Desktop Infrastructure for IoT
Table 3
Access information for a virtual machine logged in the local Windows system.
Solution
Registry
Log/web browser signature
Citrix
KEY_CURRENT_USER∖Software∖Citrix∖XenDesktop ∖DesktopViewer∖[VM name] ⇒ VM name, IP address of connection management system (DDC)
%UserProfile%∖AppData∖Roaming∖ICAClient ⇒ VM name, connection/disconnection time
Signature: DesktopWeb ⇒ connection time, IP address or name of connection management system (DDC)
VMware
HKEY_CURRENT_USER∖Software∖VMware, Inc.∖VMware VDM∖Client ⇒ VM name, IP address or URL of connection management system (View Manager), domain name, user computer name
%UserProfile%∖AppData∖Local∖VMware∖VDM∖logs ⇒ URL of connection management system (View Manager), connection/disconnection time, domain name, user computer name
※ log-[yyyy]-[mm]-[dd].txt
Microsoft
KEY_CURRENT_USER∖Software∖Microsoft∖Terminal Server Client∖Default ⇒ VM name or IP address
Signature: RDWeb ⇒ connection time, Hyper-V server name, domain name