Evidence and Cloud Computing:
The Virtual Machine Introspection Approach


Rainer Poisel1+, Erich Malzer2, and Simon Tjoa1

 
1St. Poelten University of Applied Sciences
St. Poelten, Austria

{rainer.poisel, simon.tjoa}@fhstp.ac.at

2Open Networks
Vienna, Austria
em@ong.at

 

Abstract


Cloud forensics refers to digital forensics investigations performed in cloud computing environments. Digital investigators currently face various technical, legal, and organizational challenges in keeping up with developments in the field of cloud computing. However, due to its dynamic nature, cloud computing also offers several opportunities to improve digital investigations in cloud environments. The enormous available computing power can be leveraged to process massive amounts of information in order to extract relevant evidence. In the first part of this paper we focus on the current state of the art in the affected fields of cloud forensics. The benefit for the reader of this paper is therefore a clear overview of the challenges and opportunities for scientific developments in the field of cloud forensics. As this paper represents an extended version of our paper presented at the ARES 2012 conference, we describe digital forensics investigations at the hypervisor level of virtualized environments in greater detail. Cloud computing setups typically consist of several virtualized computer systems. Therefore we introduce the reader to the topic of evidence correlation within cloud computing infrastructures.
 

Keywords: Cloud Computing, Digital Forensics, Cloud Forensics, Hypervisor Forensics, Evidence Correlation

 

+: Corresponding author: Rainer Poisel
St. Poelten University of Applied Sciences, Matthias Corvinus-Straße 15, A-3100 St. Poelten, Austria,
Tel: +43 2742 313 228 637

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 4, No. 1, pp. 135-152, March 2013