| Cloud forensics technology is an emerging inter-technology of the traditional electronic forensics technology and the cloud computing technology.As the cloud computing has characteristics of multi-tenant,virtualization etc.,the traditional forensics tools for forensics framework are no longer applicable.Container virtualization technology is an important technology in cloud computing,but the technology is not widely used as its immaturity,so the cloud platform forensics research is mainly focused on the evidence extraction from the cloud host,and the container forensics technology is rarely studied.Based on the OpenStack private cloud platform and Docker container integration,this paper creates a containerized virtual machine instance and studies the container-based IaaS cloud forensics framework.It constructs the IaaS cloud forensic framework IDIF and implements the IDIF forensic system through the forensic framework.The IDIF forensic system includes forensic control terminal and forensic agent terminal.The forensic agent terminal can realize the extraction of the virtual machine and the container data,and push the image snapshot to the forensic control terminal;The Docker Registry of the forensic control terminal can receive the image snapshot pushed by the forensic agent terminal,which can improve the data transmission efficiency between the forensic agent terminal and forensic control terminal.This paper builds the open source cloud computing platform Openstack and integrates it in the expanded Nova-driven way with the Docker to accomplish the evidence system IDIF.The experimental results show that IDIF can obtain evidence from the virtual machine and container data,greatly reduce the interruption time of the container during the forensic process,optimize the transmission rate of the virtual machine image between the forensic agent terminal and the forensic control terminal,and guarantee the security of stored evidence data effectively through encrypting or decrypting by OpenSSL. |
PDF Full Text Request