Title :
Cloud Log Forensics Metadata Analysis
Author :
Thorpe, Sean ; Ray, Indrajit ; Grandison, Tyrone ; Barbir, Abbie
Author_Institution :
Fac. of Eng. & Comput., Univ. of Technol., Kingston, Jamaica
Abstract :
The increase in the quantity and questionable quality of the forensic information retrieved from the current virtualized data cloud system architectures has made it extremely difficult for law enforcement to resolve criminal activities within these logical domains. This paper poses the question of what kind of information is desired from virtual machine (VM) hosted operating systems (OS) investigated by a cloud forensic examiner. The authors give an overview of the information that exists on current VM OS by looking at its kernel hypervisor logs and discuss the shortcomings. An examination of the role that the VM kernel hypervisor logs provide as OS metadata in cloud investigations is also presented.
Keywords :
cloud computing; computer forensics; information retrieval; law; meta data; operating systems (computers); virtual machines; virtualisation; OS metadata; VM hosted OS; VM kernel hypervisor logs; cloud forensic examiner; cloud investigations; cloud log forensics metadata analysis; criminal activities; current virtualized data cloud system architectures; forensic information retrieval; law enforcement; logical domains; virtual machine hosted operating systems; Cloud computing; Digital forensics; File systems; Kernel; Virtual machine monitors; Cloud; Forensics; Hypervisor; Logs; Metadata;
Conference_Title :
Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual
Conference_Location :
Izmir
Print_ISBN :
978-1-4673-2714-5
Electronic_ISBN :
978-0-7695-4758-9
DOI :
10.1109/COMPSACW.2012.44