Digital Forensics for Cyberattack Detection in VM Migration: A Conceptual Framework

Taufik Hidayat; Nadim Ibrahim

doi:10.58291/komets.v4i1.537

Authors

Taufik Hidayat Department of Computer Engineering, Universitas Wiralodra, Indramayu, Indonesia
Nadim Ibrahim Department of Communication Engineering and Informatics, Arab International University, Damascus, Syria

Keywords:

Digital forensics, virtual machine, cloud forensics, intrusion detection

Abstract

Virtual machine (VM) migration is widely used in cloud environments because it helps systems stay flexible and use resources more efficiently. At the same time, it can introduce security concerns, especially when forensic investigation is needed. Most previous studies look at areas like intrusion detection or memory forensics, but they are usually treated separately and not in relation to VM migration. In this work, a digital forensic framework is proposed for VM migration scenarios. The idea is to bring several steps together, such as monitoring, collecting data, analyzing it, and reporting the findings. One important point is the migration phase itself, since system states are moving between hosts and some activities may not be fully visible during this process. The framework is discussed conceptually by looking at how these parts interact and how it can address some of the limitations found in earlier work. In general, combining detection and forensic analysis in this way can help make investigations more consistent. This study can also be used as a starting point for further work and practical use in cloud systems.