forensic

Over the history of computer security, a variety of techniques and products have been developed with the goal of preventing incidents, including cyber-crimes, and of quickly recovering the system and its service. However, agile cracker communities keep multiplying attacks, typified by zero-day attacks, and proactive incident management is close to reaching its limit. This increases the importance of incident response, or reactive incident management, which analyzes the cause and the damage of an incident for rapid system recovery and recurrence prevention. Digital forensics, a technique for gathering logs and evidence when an incident occurs and scientifically guaranteeing that they are legally valid, plays an important role in incident response. Among digital forensics techniques, cloud forensics is the one that focuses on incident response in cloud computing. A cloud environment consists of vast and diverse software and hardware that run geographically dispersed yet affect each other in complex ways. Picking out and investigating the items involved in an incident from an enormous amount of logs and data requires considerable effort.

We have proposed an efficient log file management system that prevents log file alteration and leakage of confidential information. This method is based on VM Secure Processor, the platform we are proposing against information leakage. Furthermore, we have implemented and evaluated its principal functions, including hash calculation and signing, and the results show that its circuit area is small and its performance is sufficient for practical use.