start-ver=1.4 cd-journal=joma no-vol=12835 cd-vols= no-issue= article-no= start-page=64 end-page=73 dt-received= dt-revised= dt-accepted= dt-pub-year=2021 dt-pub=20210827 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=(Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring en-subtitle= kn-subtitle= en-abstract= kn-abstract=In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, the processes include no altered/infected program library. This paper proposes a solution for collection of evidence on program libraries based on Virtual Machine Monitor (VMM). The solution can solve semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution. en-copyright= kn-copyright= en-aut-name=NakamuraToru en-aut-sei=Nakamura en-aut-mei=Toru kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=ItoHiroshi en-aut-sei=Ito en-aut-mei=Hiroshi kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=KiyomotoShinsaku en-aut-sei=Kiyomoto en-aut-mei=Shinsaku kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=KDDI Research, Inc. kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=KDDI Research, Inc. 
kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Virtual machine introspection kn-keyword=Virtual machine introspection en-keyword=Forensics kn-keyword=Forensics en-keyword=OS security kn-keyword=OS security END