Memory Dumps of Virtual Machines for Cloud Forensics

Citation Author(s):
Prasad
Purnaye
Researcher
Vrushali
Kulkarni
Professor
Submitted by:
Prasad Purnaye
Last updated:
Thu, 03/23/2023 - 02:08
DOI:
10.21227/ft6c-2915
Data Format:
Memory dumps in raw format zipped in (tar.gz)
Research Article Link:
BiSHM: Evidence detection and preservation model for cloud forensics
Links:
Download Link
License:
Creative Commons Attribution
1405 Views
Categories:
Security
Cloud Computing
Keywords:
Cloud Forensics
0
0 ratings - Please login to submit your rating.
ACCESS DATASET CITE SHARE/EMBED

Abstract 

The dataset contains memory dump data which is generated continuously. For the experiment we carried out, we implemented the volatile data dump module which generated around 360 VM memory dump images of average size 800Mb each (Total 288GB). These data files are compressed using gzip utility. Further zipped to 79.5GB one single file of memory evidence.
Out of these preserved and stored memory dump dataset, 79 files of size 17.3GB were generated during the attack. This means the data 21.76% of data (in size) is potential evidence.
These statistics only depicts the current scenario of the simulation and subject to change as per the attack duration.

Instructions: 

There are total 360 gzip files in the datasets. Each of the gzip file can be extracted to a *.mem file. Filename of which represented in  VMID_LASTPOLL.mem format. For example if memory dump is taken at 07:20:00AM 15 Dec 2020 (IST) would be =>1608016800 and the ID of the VM is 4 then the filename would be "4_1608016800.mem".   The 256-bit SHA hash is also stored in the supporting file named memrepo.zip. For smaller version of the database you can contact the author at prasad.purnaye@mitwpu.edu.in

Comments

the correct email id is prasad.purnaye@mitwpu.edu.in

Submitted by Prasad Purnaye on Mon, 04/19/2021 - 00:47

Hi...can i please know the memory dumps that have been generated are from VMs having which OS?
Can you pls also suggest tools that can read these .mem files

Submitted by payal saluja on Tue, 07/26/2022 - 01:48

You can use https://hexed.it/ or https://elfparser.com/

Submitted by Prasad Purnaye on Thu, 03/23/2023 - 02:09

Dataset Files

LOGIN TO ACCESS DATASET FILES

Documentation

AttachmentSize
File Volatile Memory Evidence for Cloud Forensics.docx13.61 KB

Related Datasets

Evidence Detection in Cloud Forensics

Submitted by: Prasad Purnaye

 

QUESTIONS?