| The main advantages of cloud computing are its lower cost by use of computing services to achieve sustainability, and both business and individual users being able to achieve the freedom of information sharing through the cloud mass information. Although cloud computing can provide efficient service to customers, but criminals can also conduct illegal activities on this platform. Forensic technology is effective, proven violations method to prevent crime. But the traditional file-based evidence approach is not suited for cloud computing service model. Large-scale distributed heterogeneous virtual computing infrastructure of non-authorized investigation and evidence gathering is a big challenge in cloud computing environment. In order to meet these changes, forensic work has become an important issue in the cloud computing environment.System virtualization and data migration technology is possible to use for forensic work in cloud computing environment. Cloud computing is a virtualization platform in the business model. There is lack of available evidence model a cloud computing environment. Cloud computing platform can be viewed as a system composed by multiple virtual organizations if the evidence is modeled by the cloud. And the instance of virtual machines can be used as forensic analysis. In order to obtain the object of forensic analysis, we get use of the site migration technology, virtualization software layer on the virtual machine instances of information security, to ensure the content of the image file transfer integrity and consistency. In order to locate the system in a virtual machine image file to load the forensic analysis by using a separate partition for the temporary image file system image file and the exchange of information between localized sites, you can load the virtual machine image file correctly, the cloud computing evidence of work-site environment.Therefore, firstly, we proposed a new environment in the cloud model of computer forensics-Cloud Computing Forensics Model (CCFM), CCFM defines the evidence of work under the cloud level, through the scene description and process components division, gives evidence of a complete model. Through the cloud computing model integrity and strong evidence of proof isolation, the virtual machine image file can be analysized as evidence in the cloud computing environment to fulfill computer forensics process.Secondly, a virtual machine image files migration method have been proposed in the cloud platform virtualization software layer with the use of the state transition. Through the migration of the virtualization software layer on top of virtual machine state, the process of identity, memory mapping, network connection information, and file system information preservation and reconstruction of the design, you can save the complete state of the system virtual machine, and by localization Image loading, the entire virtual machine image transfer from the cloud computing platform to the local forensics analysis environment, under the cloud computing platform for electronic evidence.Thirdly, a temporary disk image loading methods is introduced. Because migration the virtual machine image file need load in the localization to further forensic analysis. To make image files can be loaded properly in the local environment, the design of a provisional allocation of non-file system image file system disk partition as the operating system and local device information exchange between the sites, to keep the two systems and services in the hardware configuration the consistency of the virtual machine image file loaded correctly.Finally, a forensic image files in the database involved in the management structure to facilitate the analysis and management to find evidence of the object file. We can achieve evidence by the above method in cloud computing environment.
|
PDF Full Text Request