%0 Journal Article
%T An Experimental Survey Towards Engaging Trustable Hypervisor Log Evidence Within a Cloud Forensic Environment
%A Sean Thorpe
%J International Journal of Computer Science & Information Technology
%D 2013
%I Academy & Industry Research Collaboration Center (AIRCC)
%X In this survey paper the author explores the technical as well as high level conceptual trust issues that arisein acquiring log forensic evidence from the virtual machine (VM) hosted operating systems within the dataclouds. This specific survey work is done at the University of Technology [UTECH], Jamaica, whichcurrently functions as its own independent private data cloud provider. The data acquisition is particular tothe hypervisor system logs that can be used to track VM incidences which are later used to compilepotential evidence for a cloud investigation. This work also presents a model to show the layers ofvirtualization trust that can arguably be used to support the collection of such log evidence. The paperprovides the context for the support of such cloud digital investigations and analyzes the choices availableto a forensic investigator using proof of concept experiments. The experimental work is achieved by makinga comparative evaluation of popular forensic acquisition tools including Guidance EnCase andAccessData Forensic Toolkit, as to how volatile and non-volatile hypervisor log data can be collected.Finally the paper explores three solutions for the managed log evidence data acquisition phase within acloud investigation.
%K Forensic
%K Log
%K Cloud
%K Trust
%K Hypervisor
%U http://airccse.org/journal/jcsit/4612ijcsit10.pdf