A Framework of TPM, SVM and Boot Control for Securing Forensic Logs

  • Borhan N
  • Mahmod R
  • Dehghantanha A

Abstract

Computer log files contain crucial information and can be important forensic evidence of attacks and actions of a system. Cyber forensics can be one of the important solutions to systematically gather, process, interpret and utilize digital evidence, and the log of a system's activities and events is one of the most important resources for researchers analyzing that evidence; secure storage of forensic logs is therefore our main focus. In this paper, we propose a Trusted Platform Module (TPM)-based solution, combined with Secure Virtual Machines (SVM), to secure the storage of a system's forensic logs for cyber forensics investigation. Because the TPM provides protection before the system boot process, it heavily limits the number of attacks that may bypass it. SVMs also provide a secure environment in which to test software before installing it on the client machine. To ensure a secure logging system, our model uses a smart combination of TPM, SVM and secure boot control to provide maximum log protection.

Borhan, N., Mahmod, R., & Dehghantanha, A. (2012). A Framework of TPM, SVM and Boot Control for Securing Forensic Logs. International Journal of Computer Applications, 50(13), 15–19. https://doi.org/10.5120/7831-1042
