Role of VM in cloud foreniscs?

Every cloud environment would have the administration and management of its services performed by an entity called the Cloud Service Provider (CSP) . The approach to cloud computing varies with different providers and different service models and deployment models. Thus digital forensics in cloud varies according to the

service and deployment models. In SaaS and PaaS, log information is collected as evidence and in IaaS model, VM image is taken as

evidence. We can get access to the physical devices in

private deployment model but not in the public cloud.

When users request for VM, the associated data will be

stored in cloud datacenters based on the users’ request. Once

a user terminates the VM, the associated data will be lost. If

VM performs malicious activity, he can terminate the VM

losing the volatile data which makes forensic investigation

impossible. Terminating VM does not allow reconstruction

of crime scene which would have help d in finding the user

responsible for the attack.

There is an significant increase of digital devices

using the cloud but limited power is given to investigators to obtain

the data legally. The Service-level Agreement may not

mention the terms and conditions regarding the role of the

CSP in the investigation and responsibility of the CSP during a crime incident . Also the CSP may not have

maintained the log files and logging mechanism which

are really useful for identifying malicious activities. Collecting

these log files for investigation is difficult because the investigator need to depend on the CSP.

Virtual Machine Monitor (VMM) or a VM running under

the VMM analyzes the attacked VM when attack is

identified. This technique is called Virtual Machine

introspection (VMI). Malicious events can be identified by

performing Virtual Machine Introspection which is the

technique of examining a running VM from either another

VM not under examination or from the hypervisor.

Many tools exist for performing traditional digital forensics . These

tools access the physical devices and perform forensic analysis. D

ue to inaccessibility to physical devices in cloud, it lacks the

tools required for gathering forensic evidence.

Availability of laser assisted machining (turning) in India?

How to Design Pre-charged SRAM Circuit and its Array.?

Is it possible to view stress distribution in the RVE used to find the composite properties in Ansys Material Designer?

What is rfid technology?

Is there any CAD tool for generating 2D open cell foams?

Bright/concentrated spot on the fluorescent microscopic image?

I have performed docking of isatin derivatives on molegro virtual docker, unfortunately ketone double bonds are missing?

How do I integrate and develop multiple bluetooth modules in one module?

What is the major difference between the medium , bulk and nano powders xrd values changes in zinc oxide mixed compound?

How to get IEEE membership for free ?

How can i do multivariate Time Series forecast using MLP, ANFIS and LSTM?

Need help with my research project on open source SIEM and machine learning?

How to start a Molecular Dynamics Simulation?

What are the limitations and challenges of using machine learning for predicting concrete compressive strength in practical applications?

Which test should be used to study association among demographic profile and awarness level?

Which will be the best software for the Hydration shell analysis with molecular dynamics?

How to choose the journal?

Can we patent a process flow diagram developed using a process simulator but no actual cases is carried out?

The use of data from PubChem for commercial purposes?

How to restart MD without using checkpint file in GROMACS?