http://dx.doi.org/10.13089/JKIISC.2008.18.6A.163

A Study on the Admissibility of the Virtual Machine Image File as a Digital Evidence in Server Virtualization Environment  

Kim, Dong-Hee (Graduate School of Information Management and Security, Korea University)
Baek, Seung-Jo (Graduate School of Information Management and Security, Korea University)
Shim, Mi-Na (Graduate School of Information Management and Security, Korea University)
Lim, Jong-In (Graduate School of Information Management and Security, Korea University)
Abstract
As many companies consider using server virtualization technology to reduce costs, crime rates in virtual server environments are expected to increase rapidly. Server virtualization solutions include a basic function for producing virtual machine images without any other disk imaging tool, which makes investigating virtual servers more efficient: the investigator only has to collect the virtual machine image and submit it to the court. However, the virtual machine image is not admissible as legal evidence because of security, authenticity, and procedural problems in collecting virtual machine images on virtual servers. In this research, we provide requirements for satisfying the security, authenticity, and chain-of-custody conditions for the admissibility of the virtual machine image in a server virtualization environment. Additionally, we suggest definite roles and implementation plans for related organizations to produce virtual machine images as admissible evidence.
Keywords
Digital Forensics; Digital Evidence; Server Virtualization; Virtual Machine Image; Admissibility;