Research on field migration technology for forensics in cloud computing environment

Doctoral dissertation Research on field migration technology for forensics in cloud computing environment

Huazhong University of Zhou

First, a new computer forensics model based on cloud computing environment-cloud computing model is proposed, which defines the working level in cloud computing environment, and depicts the complete forensics mechanism through scene description and division of Process components. Through the proof of the integrality and strong isolation of the cloud computing model, we can analyze the virtual machine image file as the object of forensics, and then realize the computer forensics process in the cloud computing environment.

Secondly, in the cloud computing platform through the control of the virtualization software layer, using its state transition, a virtual machine image file Migration method is proposed. By saving and reconstructing the process identification, memory mapping, network connection information and file system information of the upper virtual machine when the virtualization software layer migrates, the whole system state of the virtual machine can be saved and loaded through localized mirroring. The virtual machine image is migrated from the cloud computing platform to the local forensics environment to realize the acquisition of electronic evidence in the cloud computing platform.

Thirdly, because the migrated virtual machine image files need to be loaded in the localization, the forensic analysis can be further carried out. In order for the mirrored file to load normally in the local environment, a temporary disk partition that is allocated by the file system is designed as a place for information interaction between the mirrored file system and the operating system of the local device to maintain consistency between the hardware configuration and services of the two systems so that the virtual machine image files are loaded correctly

Finally, in order to conveniently find the object files of analyzing and managing forensics, a database management structure is proposed for the image file. Through the research of the above methods, we realize the work of obtaining evidence in cloud computing environment.

Keywords: cloud computing, computer forensics, forensics models, System virtualization, Virtual machine mirroring, virtual machine migration, on-site forensics

[Download Address]:http://bbs.chinacloud.cn/showtopic-13437.aspx