Digital forensic of a cloud based snapshot
Document Type
Conference Proceeding
Publication Title
2016 Sixth International Conference on Innovative Computing Technology (INTECH)
Publisher
IEEE
School
School of Engineering
RAS ID
23360
Abstract
Researchers in the field of cloud forensics need to move away from insisting on acquiring all data as has historically been the case in computer forensics- and yet still be able to prove the accuracy, sufficiency and soundness of partially acquired data. Virtualization is considered to be one of the main pillars in providing cloud services. In some cases, investigators might end up having to rely on suspect Virtual Machine (VM) snapshots in the form of memory dumps and user activity logs. Then, in these cases the main challenge is to analyse these memory dumps without altering the evidence. In this paper, we propose a forensic process model based on the NIST model to examined the private cloud based VM snapshots (e.g. XenServer). Moreover, we examine snapshots using existing digital forensic tools and were able to successfully acquire data without the need to transform the snapshot files.
DOI
10.1109/INTECH.2016.7845140
Access Rights
subscription content
Comments
Almulla, S., Iraqi, Y., & Jones, A. (2017). Digital forensic of a cloud based snapshot. In Innovative Computing Technology (INTECH), 2016 Sixth International Conference on (pp. 724-729). IEEE.
Available here