Monday, 23 April 2012
The book I read to research this post was Virtualization & Forensics by Diane Barrett et al., an excellent book which I bought on Kindle. It is relevant to anyone connected with virtualization or cloud computing, not just computer forensics personnel, and there is a lot of general background on virtualization itself.

Xen (pronounced "zen") is an open source hypervisor that is mostly used with Linux. Virtual PC, from Microsoft, allowed Apple Macs to run Windows, and although it works with some variants of Linux they are not officially supported.

Penguin Sleuth Kit is a live Linux distribution, meaning you boot it from a CD or USB flash drive rather than installing it, and it bundles The Sleuth Kit, an open source forensic toolkit, together with imaging and hashing tools. Note the division of labour: a tool such as dd makes the bit-for-bit image of a drive, while an MD5 (or, better, SHA-256) hash is used to prove that the image matches the original and has not changed since; MD5 does not itself image anything. Between them these cover what you need for a forensic examination.

An important point is that if you are examining a machine for legal purposes you must not change anything on the target computer. Use a hardware write blocker or mount the drive read-only, do your analysis on the image rather than the original, and if you genuinely have to touch the original (for example to get the machine into a state where it can be imaged at all), record exactly what you did and why. If you make changes you cannot account for, even ones that do not affect the evidence, it is highly unlikely a court will accept it as admissible.

Virtualization also lets you run suspect software in a sandboxed virtual machine, which is useful if you suspect it of being infected. Keep that VM isolated from the network and from your host's shared folders, and bear in mind that some malware checks whether it is running inside a VM and behaves differently when it is.

An important point about virtualization and cloud computing is that in the coming years the law will have to catch up; at the moment it is unclear how law enforcement agencies can gain access to a criminal's cloud account, and it is often left alone. One particular problem is jurisdiction: if a criminal lives in Britain but the cloud server is in the USA, which country's law applies?

Many virtualization products let you run, for example, a server operating system on a desktop PC, often without any special hardware. A newer development is the thin client, a PC that is little more than a screen, keyboard and network connection, with the real computing done by the cloud service.

Obviously these present problems for computer forensics personnel, who may not be familiar with them. The book also classifies virtualization products that run directly on the hardware as class 1 and those that run on top of an existing operating system as class 2; the more common names are Type 1 (bare-metal) and Type 2 (hosted). Either way, the software layer that lets you run a different operating system on your computer is called a hypervisor; Xen is a Type 1 example and Virtual PC is a Type 2 example.
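The imaging and hashing workflow described above, as an added example that is not from the book or this post: it images a constructed sample file standing in for the suspect drive with dd, hashes both source and image, and re-hashes the source afterwards to show the acquisition did not alter it. It goes slightly beyond the text by using SHA-256 rather than MD5. The file names, the log format and the use of a sample file instead of a real device such as /dev/sdX are assumptions for illustration.

```shell
#!/bin/sh
# Added example: acquire a forensic image with dd and prove, with hashes,
# that (a) the image is a faithful copy and (b) the source was not altered
# by the process.  Not code from the book or the blog post.  The "drive"
# is a constructed sample file; on a real case $SRC would be the evidence
# block device (e.g. /dev/sdb) sitting behind a hardware write blocker.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/suspect_drive"          # stand-in for the evidence device
IMG="$WORK/suspect_drive.img"      # the image we will actually analyse
LOG="$WORK/acquisition.log"        # hashes recorded for the case file

# Constructed sample data standing in for the suspect drive (64 KiB).
make_sample_drive() {
    dd if=/dev/urandom of="$1" bs=1024 count=64 2>/dev/null
}

# Hash a file.  SHA-256 is preferred; MD5 is what older reports quote and
# is collision-weak, though still fine for catching accidental change.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# Bit-for-bit copy.  Read from the source only; never write to it.
# conv=noerror,sync keeps going past unreadable sectors and pads them with
# zeros so offsets in the image still line up with the original.  If any
# sector was unreadable the image hash will legitimately differ from the
# source hash, and that has to be written down, not hidden.
acquire_image() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>/dev/null
}

# Hash the source, image it, hash the image, hash the source again.
# Appends all three values to the log and returns 0 only if they agree.
verify_acquisition() {
    src=$1; img=$2; log=$3
    before=$(hash_of "$src")
    acquire_image "$src" "$img"
    image=$(hash_of "$img")
    after=$(hash_of "$src")
    {
        echo "date=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source_before=$before"
        echo "image=$image"
        echo "source_after=$after"
    } >> "$log"
    [ "$before" = "$image" ] && [ "$before" = "$after" ]
}

make_sample_drive "$SRC"
if verify_acquisition "$SRC" "$IMG" "$LOG"; then
    echo "image verified; hashes recorded in $LOG"
else
    echo "HASH MISMATCH: image or source changed during acquisition" >&2
fi
```

The recorded image hash is what you recompute before every later step of the analysis: if it no longer matches, the image has been altered and anything derived from it is suspect.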