Hi Community,
is it possible for forensic investigations to retrace a guest DNS query on the host system if the guest is in NAT mode? The virtual host IP address is configured as the DNS server address in the guest configuration, and therefor the host has to forward the guest DNS queries to it's configured DNS server and this will hopefully logged somewhere on the host machine.. I'm not interested to observe the traffic in real time (this could be done with wireshark for example) but for later investigations, especially when a guest machine is deleted and the virtual hard drive isn't available because it is on a disconnected external hard drive for example.
Thx & Bye Tom