
In this survey paper, the author explores the technical as well as high-level conceptual trust issues that arise in acquiring log forensic evidence from virtual machine (VM) hosted operating systems within data clouds. This specific survey work is done at the University of Technology [UTECH], Jamaica, which currently functions as its own independent private data cloud provider. The data acquisition is particular to the hypervisor system logs that can be used to track VM incidents which are later used to compile potential evidence for a cloud investigation. This work also presents a model to show the layers of virtualization trust that can arguably be used to support the collection of such log evidence. The paper provides the context for the support of such cloud digital investigations and analyzes the choices available to a forensic investigator using proof-of-concept experiments. The experimental work is achieved by making a comparative evaluation of popular forensic acquisition tools, including Guidance EnCase and AccessData Forensic Toolkit, as to how volatile and non-volatile hypervisor log data can be collected. Finally, the paper explores three solutions for the managed log evidence data acquisition phase within a cloud investigation.

Keywords

Forensic, Log, Cloud, Trust, Hypervisor.