
Research On Forensics Cloud Platform Based On Cloud Introspection Technology

Posted on: 2021-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Zhou
Full Text: PDF
GTID: 2518306464980659
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development and increasing popularity of cloud computing technology, the global cloud market is showing a rapid growth trend. At the same time, cloud security issues have become a bottleneck that hinders the development of cloud computing. Security events in the cloud happen from time to time and are impossible to defend against effectively. The need to accurately analyze the cause and trace the source of security incidents in the cloud has promoted research into cloud forensics technology. Cloud forensics technology can provide technical support for preventing illegal criminal activities in the cloud and safeguard the legitimate rights and interests of cloud users. However, cloud forensics technology faces many challenges in evidence acquisition and evidence analysis. The distrust between cloud users and cloud service providers, and the heavy reliance on cloud service providers, are difficult issues to address during cloud forensics. Therefore, establishing a secure and trusted forensic environment not only relies on cloud users and cloud service providers working together, but also requires the help of independent third parties to conduct the forensic process. This paper proposes a third-party forensics cloud platform architecture. The main research work and achievements are as follows:

(1) Based on research into evidence acquisition technology for cloud computing platforms, a multi-source evidence acquisition method is proposed. By acquiring the logs of the user virtual machine in-VM, acquiring the memory dump files and virtual disk files of the user machine out-of-VM, and acquiring the relevant hypervisor and hardware information from the cloud management platform, multi-source evidence acquisition is achieved. This ensures more complete access to the status information retained in the cloud, which provides the basic guarantee for accurate analysis and traceability of security events.

(2) Based on research into evidence analysis technology for cloud computing platforms, a multi-source collaborative analysis method is proposed. Through collaborative analysis of the log files, memory dump files and virtual disk files of the user virtual machine, valid information can be effectively extracted from multi-source evidence, and the ability to accurately analyze and trace the source of security events can be improved.

(3) On the basis of the above research, a third-party forensics cloud platform architecture based on cloud introspection technology is proposed. Through evidence acquisition in the user cloud and evidence analysis in the forensics cloud, the forensic work in the cloud can be effectively completed.

(4) The basic architecture of a third-party forensics cloud platform based on cloud introspection technology was built, and the validity of the forensics cloud platform was verified through relevant experiments. The results of the experiments show that the forensics cloud platform can effectively complete evidence acquisition and evidence analysis in cloud forensics, which has positive significance for improving cloud security.
Keywords/Search Tags:Cloud computing, Cloud Security, Forensics cloud, Evidence acquisition, Evidence analysis