Repository logo
 

Locating and Extracting Digital Evidence From Hosted Virtual Desktop Infrastructures: Cloud Context

Files

Whole thesis(3.4 MB)

Date

2012

Authors

Supervisor

Narayanan, Ajit

Item type

Thesis

Degree name

Master of Forensic Information Technology

Journal Title

Journal ISSN

Volume Title

Publisher

Auckland University of Technology

Abstract

The development of virtualization started in 1960, when VMware introduced partitioning of large mainframes for better hardware utilization. (Virtualization History, 2010) Since then virtualization has matured and been adopted to a wide extent in the industry. Recent developments include branching into areas of server virtualization, storage and application virtualization and, very recently, desktop virtualization. Desktop virtualization has so far been through two models: the Client hosted model, which is typically operated from the user’s workstation using Windows Virtual PC; and the VMware workstation or Java Virtual Machine (VM). However, recently a third model has emerged, called the server hosted model or Hosted virtual desktop (HVD), which is a virtualized form of desktop (VM) delivered to users from the cloud infrastructure. In other words virtualization in computing has progressed to an extent where desktops can be virtualized and accessed from anywhere. The server hosted model has already surpassed 1% market share of the worldwide professional PC market, with estimates indicating that this is a rapidly growing area. This study investigates the adequacy of current digital forensic procedures on hosted virtual desktops (HVDs) as there does not appear to be specific methods of locating and extracting evidences from this infrastructure. Using the Forensic Iterative Development Model (FIDM), HVDs deployed in private cloud were simulated to reflect three different computer crime (quasiexperimental) scenarios. It was found that current digital forensic procedures may not be adequate for locating and extracting evidence, since the infrastructure in scenario 2 and 3 introduces complications such as non-persistent disk modes and segregating data in a multitenant environment. However in scenario 1, findings illustrate that all standard investigation techniques can be followed as a result of the persistent user environment. Furthermore, suggestions are made to extend the current research in the areas of techniques to acquire virtual machines from hypervisors, hashing evidence and forensic readiness in environments consisting HVDs.

Description

Keywords

Cloud forensics, Cloud Computing, Desktop Virtualization, Hosted desktop virtualization

Source

DOI

Publisher's version

Rights statement

Permanent link

https://hdl.handle.net/10292/4582

Collections

Masters Theses