Title
A Log-Structured Block Preservation and Restoration System for Proactive Forensic Data Collection in the Cloud
Abstract
Preservation and data collection in cloud environments are difficult because forensic data are volatile and scattered across many servers. This paper describes a novel surveillance mechanism for virtual block devices in IaaS cloud environments. We first describe some related work on backup applications, versioning file systems, and virtual machine introspection systems that can be applied to cloud forensics. The proposed log-structured block preservation and restoration system can be used for recording cloud consumers' write operations on virtual block devices and for restoring the state of a virtual block device at an arbitrary point in time. This paper presents a design and an implementation of the proposed system using the Xen hypervisor. The prototype implementation achieved better read and write performance than the baseline driver provided by Xen when we ran four or more virtual machines simultaneously. This paper shows two forensic applications for preserved data blocks: a file tracking application and a novel diff command that supports time travel.
Year: 2016
DOI: 10.1109/ARES.2016.8
Venue: 2016 11th International Conference on Availability, Reliability and Security (ARES)
Keywords: cloud forensics, surveillance, virtual block devices, timeline analysis, proactive data collection, IaaS clouds
Field: Data collection, Virtual machine, Computer security, Computer science, Server, Device file, Hypervisor, Backup, Cloud computing, Software versioning
DocType: Conference
ISBN: 978-1-5090-0991-6
Citations: 0
PageRank: 0.34
References: 0
Authors: 2
Name             Order   Citations   PageRank
Manabu Hirano    1       0           0.34
Hiromu Ogawa     2       0           0.34