Feasibility of digital forensic examination and analysis of a cloud based storage snapshot

Authors/Creators

Sameera A. Almulla
Youssef Iraqi
Andy Jones, Edith Cowan University

Abstract

Researchers in the field of cloud forensics need to move away from insisting on acquiring all data - as has historically been the case in computer forensicsand yet still be able to prove the accuracy, sufficiency and soundness of partially acquired data. Virtualization is considered to be one of the main pillars in providing cloud services. In some cases, investigators might end up having to rely on suspect Virtual Machine (VM) snapshots in the form of memory dumps and user activity logs. Then, in these cases the main challenge is to analyse these memory dumps without altering the evidence. In this paper, after assessing static and live forensics tool in examining cloud based snapshot, we propose a forensic process model based on the NIST model to examine the private cloud based VM snapshots (e.g. XenServer). Moreover, we examined snapshots using existing digital forensic tools and were able to successfully acquire data without the need to transform the snapshot files.

RAS ID

26333

Document Type

Journal Article

Date of Publication

2017

Location of the Work

India

School

School of Education

Copyright

free_to_read

Publisher

Digital Information Research Foundation

Comments

Almulla, S., Iraqi, Y., & Jones, A. (2017). Feasibility of Digital Forensic Examination and Analysis of a Cloud Based Storage Snapshot. Journal of Digital Information Management, 15(1), 19. Available here.

Recommended Citation

Almulla, S. A., Iraqi, Y., & Jones, A. (2017). Feasibility of digital forensic examination and analysis of a cloud based storage snapshot. Retrieved from https://ro.ecu.edu.au/ecuworkspost2013/2926