As I am carrying out my research in the area of cloud forensics, to show the results I want to go through a sample live data set or database. Can anyone suggest the various FTK tools which are freely available to carry out my results?
When it comes to cloud forensics, there is one fundamental fact that you must always remember. And that is that cloud forensics is not the same as conventional computer forensics. With a conventional computer system, the hard disk forms an elementary part of the package. With cloud, you do not necessarily have a physical hard drive.
The main concept of cloud computing is the ability for the cloud service provider (CSP) to be able to supply compute and storage resources on demand to service user needs, as and when they arise. This can mean that resources are scaled up as required, but can also be scaled down when demand drops. This, in turn, means the user system is not static.
For the sake of resilience, some CSPs will mirror user services, some may use an element of static storage, but many will simply shift storage to optimise resource utilisation. Sometimes live cloud instances will be migrated without the user being aware.
Why does this matter for cloud forensics? First, with generally no fixed hard drive available, there is less likely to be a fixed forensic trail available. If specific provision is not made to retain a full forensic trail in permanent storage, then none will be available. When an instance is shut down, all the associated data disappears with it. The resource space is instantly recycled by the CSP, meaning there will be no further opportunity to analyse the disk space forensically.
The point I am making here is that if you are likely to have to carry out cloud forensics, you need to ensure that you take all necessary steps BEFORE you become involved in order to ensure you will have something to examine forensically. This becomes vitally important where there is a considerable time between breach and discovery. Most attackers will seek to cover the forensic trail they have left behind, meaning there may well be little to no forensic trail left for you to examine.
As a part of my research I have generated a Cloud Forensic dataset, which is published at the following links; you can check that out. A description of the dataset is also given. You can refer to my papers or contact me for more details.