Forensic Analytics for Acquiring and Preserving Reliable Data from Cloud Hypervisors

Cloud computing is this decade’s major computing advancement. Many business enterprise remain reluctant to move their business IT to the Cloud due to security concerns and the unknown. Cloud services perpetrate this perception by not allowing customers to see into their virtual operations, thus making it difficult to perform digital investigations. In Cloud forensics the lack of physical access to servers constitutes a new and disruptive form of forensic investigative challenge. Due to the decentralized nature of data processing, the traditional approaches to evidence collection and recovery are not practical. Live forensic is important to maintain cloud security. Current forensic tools run on the OS or as an extra hypervisor. Cloud security faces the new challenge of forensic reliability. Cloud forensic tools are not reliable for two reasons: 1.) The OS can be deceived by a compromised OS. 2.) The huge code size of hypervisors makes them vulnerable. This paper will review hypervisors that provide code integrity, data integrity and security integrity. The authors explore the technical aspects of hypervisors that provide live digital forensics friendly environments in the cloud and introduce problems associated with cloud forensic investigations. Further they will compare and rank forensic friendly cloud hypervisor features that exist today in the market place: