A NOVEL EVIDENCE INTEGRITY PRESERVATION FRAMEWORK (EIPF) FOR VIRTUALISED ENVIRONMENTS: A DIGITAL FORENSIC APPROACH

Virtualisation technologies have established their importance as core components of modern digital communications. With the increasing trend towards outsourcing and cloud services, virtualisation features such as; versioning, isolation, encapsulation and their exploitability from adversaries becomes a critical area for system integrity. From a digital forensics perspective, the sole aim of preserving integrity is to ensure admissibility. This paper focuses on the identification of threats to the integrity of digital evidence using the VMware hypervisor as an example case study. A novel Evidence Integrity Preservation Framework (EIPF) is introduced which can be scaled for virtualised environments using Clark-Wilson’s principles. The key parameters of our EIPF include the strength of the hashing functions, the relative number of evidence attributes used and the number of evidence “cycles”. A Reliability Rating Factor (R) is also derived as a means of conceptualising integrity levels and imposing restrictions based on known processes related to data integrity.