CFIM: Toward building new cloud forensics investigation model

Abstract

In recent times, cybercrime investigation in cloud computing poses complex challenges due to virtualization, volatile data, deleted data, and dynamic and distributing nature of cloud computing. Performing cybercrime investigation in cloud environment is called Cloud Forensics. With the intention of overcoming these challenges, this paper introduces a Cloud Forensics investigation model (CFIM) that can help to investigate cybercrimes in the cloud in forensically sound and timely fashion. The proposed model is an intelligent system that is able to take a snapshot periodically for each virtual machine running in the cloud, sends it automatically to trusted center server (TCS) that is responsible for monitoring and recording the status of the virtual machine and finally, sends it to the forensic server (FS) to perform forensic analysis. This model can increase probability of tracking attackers, determining weaknesses of virtual machines for future use, and also can support in the process of extraction and collection of digital evidence.