Data Preservation and Digital Forensics for Virtual Machines
Date
2019
Publisher
UMT, Lahore
Abstract
Cloud computing is an emerging trend these days. It offers computation and storage at a relatively low cost due to its pay-per-use policy. However, it has created new security concerns, as all the conventional methodologies and tools for investigation fall short in cloud computing investigations. A study of recent research papers has shown that no definite strategy exists to address this issue. Researchers have proposed certain methodologies, but a major issue remains unsolved and unaddressed: the loss of records that are vital for digital forensics when virtual machines are terminated. Our main aim is to address this issue and propose a possible and practical solution for it. Not all terminating virtual machines can be stored for forensics because of the high cost of storing a huge amount of data. In our solution, only the relevant data of virtual machines is stored as an XML file. A list of software is then extracted from this XML file and used to determine how risky the virtual machine is, which can give forensics experts an idea of what type of malicious activity could have been conducted with it before it was terminated.