Digital Forensics Investigation on Proxmox Server Virtualization Using SNI 27037:2014
Keywords:digital forensics investigation, traditional acquisition, server virtualization
Server virtualization technology has experienced significant development so that more and more industries are adopting this technology. By using server virtualization, the industry can make savings in purchasing new servers and maintenance because virtualization allows one server to run with multiple operating systems at once. The high level of use of virtualization raises a gap for the occurrence of computer crimes involving virtualization. When computer crimes occur on virtualization, it is necessary to conduct digital forensic investigations to find useful clues in solving crime cases. Therefore, in this study a digital forensic investigation was conducted on Proxmox server virtualization by acquiring the entire storage virtualization media and carrying out checks on the results of the acquisition. Based on the investigation carried out, the acquisition technique by acquiring the entire storage media on Proxmox cannot be used because the structure of the evidence files and folders cannot be read perfectly
 E. Ali and D. Sudyana, “Virtualization Technology for Optimizing Server Resource Usage,” Int. Conf. Eng. Technol. Dev., vol. 2, no. 1, pp. 208–212, 2014.
 D. Sudyana, B. Sugiantoro, and A. Luthfi, “Instrumen Evaluasi Framework Investigasi Forensika Digital Menggunakan SNI 27037:2014,” J. Inform. Sunan Kalijaga, vol. 1, no. 2, pp. 75–83, 2016.
 Y. D. Rahayu and Y. Prayudi, “Membangun Integrated Digital Forensics Investigation Frameworks ( IDFIF ) Menggunakan Metode Sequential Logic,” Semin. Nas. SENTIKA, vol. 2014, no. Sentika, 2014.
 A. Agarwal, M. Gupta, and S. Gupta, “Systematic Digital Forensic Investigation Model,” Int. J. Comput. Sci. Secur., vol. 5, no. 1, pp. 118–134, 2011.
 S. Rani, “Digital Forensic Models : A Comparative Analysis,” Int. J. Manag. IT Eng., vol. 8, no. 6, pp. 432–443, 2018.
 V. Soundararajan and K. Govil, “Challenges in building scalable virtualized datacenter management,” SIGOPS Oper. Syst. Rev., vol. 44, No. 4, pp. 95–102, 2010.
 S. M. . Cheng, Proxmox High Availability. 2014.
 Badan Standarisasi Nasional, SNI 27037:2014 tentang Teknologi Informasi - Teknik Keamanan - Pedoman Identifikasi, pengumpulan, Akuisisi, dan Preservasi Bukti Digital. Jakarta, 2014.
 M. Hirwani, Y. Pan, B. Stackpole, and D. Johnson, “Forensic Acquisition and Analysis of VMware Virtual Hard Disks,” 2012.
 S. Lim, B. Yoo, J. Park, K. Byun, and S. Lee, “A research on the investigation method of digital forensics for a VMware Workstation’s virtual machine,” Math. Comput. Model., vol. 55, no. 1–2, pp. 151–160, 2012.
 F. M. Patterson, “The Implications of Virtual Environments In Digital Forensic Investigations,” University of Central Florida, 2013.
 C. Neal, “Forensic Recovery of Evidence From Deleted Oracle Virtualbox Virtual Machines,” no. December, 2013.
 E. Wahyudi, U. I. Indonesia, I. Riadi, U. A. Dahlan, Y. Pray, and U. I. Indonesia, “Virtual Machine Forensic Analysis And Recovery Method For Recovery And Analysis Digital Evidence,” Int. J. Comput. Sci. Inf. Secur., vol. 16, no. 2, pp. 1–7, 2018.