Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations
Authors
Abstract
Cloud Computing is an emerging model of computing where users can leverage the computing infrastructure as a service stack or commodity. The security and privacy concerns of this infrastructure arising from the large co-location of tenants are, however, significant and pose considerable challenges in its widespread deployment. The current work addresses one aspect of the security problem by facilitating forensic investigations to determine if these virtual tenant spaces were maliciously violated by other tenants. It presents the design, application and limitations of a software prototype called the Virtual Machine (VM) Log Auditor that helps in detecting inconsistencies within the activity timelines for a VM history. A discussion on modeling a consistent approach is also provided.
Similar resources
An Experimental Survey towards Engaging Trustable Hypervisor Log Evidence within a Cloud Forensic Environment
In this survey paper the author explores the technical as well as high level conceptual trust issues that arise in acquiring log forensic evidence from the virtual machine (VM) hosted operating systems within the data clouds. This specific survey work is done at the University of Technology [UTECH], Jamaica, which currently functions as its own independent private data cloud provider. The data ...
Cloud Digital Investigations based on a Virtual Machine Computer History Model
In several traditional digital investigations, several forensic frameworks have been proposed. The selection of a suitable forensic framework for the cloud computing virtual environments further challenges the existing digital forensics space, as no conclusive generic framework exists that inclusively supports or can work for any Cloud Computing digital investigation. To solve this problem for ...
VMI-PL: A monitoring language for virtual platforms using virtual machine introspection
With the growth of virtualization and cloud computing, more and more forensic investigations rely on being able to perform live forensics on a virtual machine using virtual machine introspection (VMI). Inspecting a virtual machine through its hypervisor enables investigation without risking contamination of the evidence, crashing the computer, etc. To further access to these techniques for the ...
Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform
We describe the design, implementation, and evaluation of FROST, three new forensic tools for the OpenStack cloud platform. Our implementation for the OpenStack cloud platform supports an Infrastructure-as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs. Unlike traditional acquisition tools, FROST works at the cloud managem...
Evidence and Cloud Computing: The Virtual Machine Introspection Approach
Cloud forensics refers to digital forensics investigations performed in cloud computing environments. Nowadays digital investigators face various technical, legal, and organizational challenges to keep up with current developments in the field of cloud computing. But, due to its dynamic nature, cloud computing also offers several opportunities to improve digital investigations in cloud environm...