ID 63165
FullText URL
Author
Nakamura, Toru KDDI Research, Inc.
Ito, Hiroshi Graduate School of Natural Science and Technology, Okayama University
Kiyomoto, Shinsaku KDDI Research, Inc.
Yamauchi, Toshihiro Graduate School of Natural Science and Technology, Okayama University
Abstract
In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, the processes include no altered/infected program library. This paper proposes a solution for collection of evidence on program libraries based on a Virtual Machine Monitor (VMM). The solution can solve the semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution.
Keywords
Virtual machine introspection
Forensics
OS security
Note
This is the version of the book manuscript accepted for publication after peer review, but prior to copyediting and typesetting.
This fulltext is available in Aug. 2023.
IWSEC 2021: Advances in Information and Computer Security pp 64-73
Published Date
2021-08-27
Publication Title
Advances in Information and Computer Security|Lecture Notes in Computer Science
Volume
volume 12835
Publisher
Springer International Publishing
Start Page
64
End Page
73
ISSN
0302-9743
NCID
BC11247320
Content Type
Book
language
English
OAI-PMH Set
Okayama University
Copyright Holders
© Springer Nature Switzerland AG 2021
File Version
author
DOI
Web of Science KeyUT
Related Url
isVersionOf https://doi.org/10.1007/978-3-030-85987-9_4
Citation
Nakamura T., Ito H., Kiyomoto S., Yamauchi T. (2021) (Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring. In: Nakanishi T., Nojima R. (eds) Advances in Information and Computer Security. IWSEC 2021. Lecture Notes in Computer Science, vol 12835. Springer, Cham. https://doi.org/10.1007/978-3-030-85987-9_4
Funder Name
Japan Society for the Promotion of Science
Grant Number
19H04109
19H05579