The Design of a Cloud Forensics Middleware System Base on Memory Analysis

  • Shumian Yang
  • Lianhai Wang
  • Dawei Zhao
  • Guangqi Liu
  • Shuhui Zhang
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)


The rapid development of cloud computing has brought not only huge economic benefits but also the problem of computer-related crime. This paper proposes a design method for cloud forensics middleware that obtains credible and complete digital evidence from the cloud in a comprehensive and convenient manner. The design has three parts: evidence display on the remote control side, evidence analysis and monitoring management on the server side, and memory acquisition and analysis on the client side. Compared with traditional online forensics methods, this method is more in line with the requirements of traditional physical evidence technology, and it greatly improves the efficiency of forensic staff and the credibility of the evidence. The method has been verified on Windows 10 (the client) and CentOS 7.0 (the server) and proved to be effective and reliable.


Keywords: Cloud forensics, Middleware, Physical memory, Remote control



This work is supported by the National Natural Science Foundation of China (Grant Nos. 61572297, and 61602281), the Shandong Provincial Natural Science Foundation of China (Grant Nos. ZR2016YL014, ZR2016YL011, and ZY2015YL018), the Shandong Provincial Outstanding Research Award Fund for Young Scientists of China (Grant Nos. BS2015DX006), the Shandong Academy of Sciences Youth Fund Project, China (Grant Nos. 2015QN003), the Shandong provincial Key Research and Development Program of China (2018CXGC0701, 2018GGX106005, 2017CXGC0701, and 2017CXGC0706).



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Shumian Yang (1)
  • Lianhai Wang (1)
  • Dawei Zhao (1)
  • Guangqi Liu (1)
  • Shuhui Zhang (1)

  1. Shandong Provincial Key Laboratory of Computer Networks, Shandong Computer Science Center (National Supercomputer Center in Jinan), Qilu University of Technology (Shandong Academy of Sciences), Jinan, China
