Since publishing VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment, I have continued to consider aspects of Digital Forensics and how current methodologies would be impacted by the cloud. My use case for this is 40,000 VMs with 512 Servers and roughly 1000 tenants. What I would consider a medium size fully functioning cloud built upon virtualization technology where the environment is agile through the use of storage and VM vMotion or Live Migrations. The cloud would furthermore contain roughly 64TBs of disk across multiple storage technologies and 48TBs of memory. Now if you do not believe environment like this exist today, this was the size of the datacenter servicing VMworld 2009, This monster was on display just as you came down the escalators from the main entrance into the keynote sessions.
Now there are several issues with Digital Forensics within the cloud and therefore with any virtual environment. They are:
- The acquisition of data within the cloud