Dissertation/Thesis Abstract

Digital Forensic Acquisition of Virtual Private Servers Hosted in Cloud Providers that Use KVM as a Hypervisor
by Montironi, Adolfo Angel, M.S., Purdue University, 2018, 171; 10845501
Abstract (Summary)

Kernel-based Virtual Machine (KVM) is one of the most popular hypervisors used by cloud providers to offer virtual private servers (VPSs) to their customers. A VPS is just a virtual machine (VM) hired and controlled by a customer but hosted in the cloud provider infrastructure. In spite of the fact that the usage of VPS is popular and will continue to grow in the future, it is rare to find technical publications in the digital forensic field related to the acquisition process of a VPS involved in a crime. For this research, four VMs were created in a KVM virtualization node, simulating four independent VPSs and running different operating systems and applications. The utilities virsh and tcpdump were used at the hypervisor level to collect digital data from the four VPSs. The utility virsh was employed to take snapshots of the hard drives and to create images of the RAM content while the utility tcpdump was employed to capture in real-time the network traffic. The results generated by these utilities were evaluated in terms of efficiency, integrity, and completeness. The analysis of these results suggested both utilities were capable of collecting digital data from the VPSs in an efficient manner, respecting the integrity and completeness of the data acquired. Therefore, these tools can be used to acquire forensically-sound digital evidence from a VPS hosted in a cloud provider’s virtualization node that uses KVM as a hypervisor.

Indexing (document details)
Advisor: Rogers, Marcus K.
Committee: Seigfried-Spellar, Kathryn C., Springer, John A.
School: Purdue University
Department: Computer and Information Technology
School Location: United States -- Indiana
Source: MAI 58/01M(E), Masters Abstracts International
Subjects: Computer science
Keywords: Acquisition, Cyberforensics, Digital forensics, KVM, VPS, Virtualization
Publication Number: 10845501
ISBN: 9780438371637
Copyright © 2019 ProQuest LLC. All rights reserved.