Feasibility of digital forensic examination and analysis of a cloud based storage snapshot
Document Type
Journal Article
Publisher
Digital Information Research Foundation
Place of Publication
India
School
School of Education
RAS ID
26333
Abstract
Researchers in the field of cloud forensics need to move away from insisting on acquiring all data - as has historically been the case in computer forensicsand yet still be able to prove the accuracy, sufficiency and soundness of partially acquired data. Virtualization is considered to be one of the main pillars in providing cloud services. In some cases, investigators might end up having to rely on suspect Virtual Machine (VM) snapshots in the form of memory dumps and user activity logs. Then, in these cases the main challenge is to analyse these memory dumps without altering the evidence. In this paper, after assessing static and live forensics tool in examining cloud based snapshot, we propose a forensic process model based on the NIST model to examine the private cloud based VM snapshots (e.g. XenServer). Moreover, we examined snapshots using existing digital forensic tools and were able to successfully acquire data without the need to transform the snapshot files.
Access Rights
free_to_read
Comments
Almulla, S., Iraqi, Y., & Jones, A. (2017). Feasibility of Digital Forensic Examination and Analysis of a Cloud Based Storage Snapshot. Journal of Digital Information Management, 15(1), 19. Available here.