

<?xml version="1.0" encoding="UTF-8"?>
<record>
  <title>Feasibility of Digital Forensic Examination and Analysis of a Cloud Based Storage Snapshot</title>
  <journal>Journal of Digital Information Management</journal>
  <author>Sameera Almulla, Youssef Iraqi, Andrew Jones</author>
  <volume>15</volume>
  <issue>1</issue>
  <year>2017</year>
  <doi></doi>
  <url>http://dline.info/fpaper/jdim/v15i1/jdimv15i1_3.pdf</url>
  <abstract>Researchers in the field of cloud forensics
need to move away from insisting on acquiring all data -
as has historically been the case in computer forensicsand
yet still be able to prove the accuracy, sufficiency
and soundness of partially acquired data. Virtualization
is considered to be one of the main pillars in providing
cloud services. In some cases, investigators might end
up having to rely on suspect Virtual Machine (VM)
snapshots in the form of memory dumps and user activity
logs. Then, in these cases the main challenge is to analyse
these memory dumps without altering the evidence. In
this paper, after assessing static and live forensics tool
in examining cloud based snapshot, we propose a forensic
process model based on the NIST model to examine the
private cloud based VM snapshots (e.g. XenServer).
Moreover, we examined snapshots using existing digital
forensic tools and were able to successfully acquire data
without the need to transform the snapshot files.</abstract>
</record>
