virtualization software

virtualization software like sandboxie, returnil,shadow defender and FD ISP etc how do they actually work? is your temporary operating system only run in memory?

The reason why I ask this is if you download a file for example and then of course the file disappears after next reboot, what happens to the file? Is it possible to recover the file from the hard drive using forensic recovery tools or does the file cease to exist?

 

Writes are re-directed to a 'container' or different area of the disk. Returnil has ram and disk.

 

With virtualization software, you can only download and run software non-isolated. If you run a browser isolated, nothing will appear on the desktop. That's the key to keep malware drive by downloads from ever infecting your PC. When you close a sandboxed browser, infected with malware, the malware is gone. There's nothing there to get on your computer. The same thing is true if the OS in run on top of a virtualization layer like Rollback RX. If you get infected, just rollback to the last date you were "clean." Its hard for unwanted crud to harm a PC nowadays.

 

so basically other than your current windows operating system there is stuff which gets written to the hard disk.

with returnil using ram and disk do you know what stuff gets written to the disk?

I'm trying to find a virtualization product which writes absolutely nothing to the hard disk. That's if there is such a product?

 

If you run Returnil using the memory option nothing at all will be written to disk only to RAM,that's the intention anyway.It uses the same principle as a Live CD in that mode.

 

I don't believe that to be true.

See here - https://www.wilderssecurity.com/showthread.php?t=229206

And here - https://www.wilderssecurity.com/showthread.php?t=231601