To recap, to enhance security in an organization, regular actions performed by regular users must be restricted. Recovering deleted VM files (especially after performing data wiping on HDD) and then retrieving data from it is too difficult, and impossible in many situations. A user can conduct a criminal activity or conceal data using VM and then delete it from the host machine. The virtual machine can also impose a real challenge to forensic investigators. Then he/she can perform stego actions on the remote server, thus bypassing all network security measures related to fighting against data hiding techniques. If accessing a USB is prohibited by an organization’s security policy (and this is an excellent security measure that must be implemented without exception), a user can use the IaaS model of cloud computing and install VM software on the host account.
A user can fully launch an OS from a USB stick, allowing him/her to use steganography tools without leaving any traces on the host machine. This imposes great risks to organizations trying to fight against data leakage. On the data hiding side, the virtual machine can be used and launched from within a USB zip drive.
Virtualization technology has a huge impact on the IT industry, especially in data centers to save costs and increase performance. Nihad Ahmad Hassan, Rami Hijazi, in Data Hiding Techniques in Windows OS, 2017 Virtualization Technology
