Cloud log forensics metadata analysis

Abstract

The increase in the quantity and questionable quality of the forensic information retrieved from the current virtualized data cloud system architectures has made it extremely difficult for law enforcement to resolve criminal activities within these logical domains. This paper poses the question of what kind of information is desired from virtual machine (VM) hosted operating systems (OS) investigated by a cloud forensic examiner. The authors gives an overview of the information that exists on current VM OS by looking at it's kernel hypervisor logs and discusses the shortcomings. An examination of the role that the VM kernel hypervisor logs provide as OS metadata in cloud investigations is also presented. © 2012 IEEE.