To ensure the security of virtual machines in the cloud and to obtain complete and reliable evidence of crimes from the cloud, this paper proposes a real-time monitoring and forensics method based on physical memory analysis, designs and develops a corresponding cloud monitoring forensics system, and gives its concrete design and implementation. The agent of this system only needs to run on the physical host: by acquiring and analysing the host's physical memory, it extracts key information from the virtual machine systems installed on one or more physical hosts in the IaaS infrastructure layer. Finally, information extraction and anomaly detection were carried out in a KVM/Xen virtualisation environment. The results show that the method can obtain key evidence about virtual machines on the cloud platform, detect abnormal behaviour inside virtual machines, and effectively prevent virtual hosts from running malicious software or being used for illegal and criminal activity.
To ensure the security of virtual machines in the cloud and to look for complete and reliable evidence of a crime from the cloud, the paper presents a real-time cloud monitoring forensics method and develops a cloud monitoring forensic system based on physical memory analysis; the specific design and implementation are given. The agent only needs to run on a physical host. By acquiring and analysing the host's physical memory, the agent can effectively acquire the important information of the virtual machines in the IaaS infrastructure layer. Finally, the paper gives the analysis and extraction of information and anomaly detection in a KVM/Xen virtualised environment. Results show that the monitoring forensic method can obtain the important information and prevent the virtual hosts from running malicious software, being used for crime, and other issues.
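The abstract describes the core of the approach: an agent on the physical host reads raw host memory, carves out structures belonging to the guest virtual machines, and compares what it finds against an expected state to flag anomalies. The following added example (not code from the paper or its system) shows that pattern in miniature: it scans a constructed "physical memory" image for a constructed process-record layout, groups the recovered processes per VM, and reports any process whose name is not in a per-VM baseline. The record marker, the struct layout, the VM/process data and the baseline are all assumptions made for the example; a real implementation would carve the hypervisor's and guest kernels' actual in-memory structures instead.

```python
import struct
from dataclasses import dataclass

# Constructed record layout for the example (NOT a real KVM/Xen or Linux kernel signature):
# 6-byte marker, 32-bit pid, 16-bit VM id, 16-byte NUL-padded command name.
MAGIC = b"VMPROC"
RECORD = "<6sIH16s"
RECORD_SIZE = struct.calcsize(RECORD)  # 28 bytes, no padding with '<'


@dataclass
class ProcessRecord:
    vm_id: int
    pid: int
    comm: str


# Constructed per-VM allowlist standing in for a known-good baseline of guest processes.
BASELINE = {
    1: {"systemd", "sshd"},
    2: {"systemd", "nginx"},
}


def _filler(n: int) -> bytes:
    """Deterministic non-zero filler that cannot contain MAGIC (simulates unrelated memory)."""
    return bytes(((i * 37) + 11) & 0xFF for i in range(n))


def build_sample_memory() -> bytes:
    """Construct a synthetic host memory image with guest process records scattered in it."""
    records = [
        (1, 1, b"systemd"),
        (1, 412, b"sshd"),
        (1, 901, b"unknown_bin"),   # constructed anomaly: not in VM 1's baseline
        (2, 1, b"systemd"),
        (2, 233, b"nginx"),
    ]
    chunks = []
    for i, (vm_id, pid, comm) in enumerate(records):
        chunks.append(_filler(8 + 7 * i))
        chunks.append(struct.pack(RECORD, MAGIC, pid, vm_id, comm))
    chunks.append(_filler(32))
    return b"".join(chunks)


def carve_process_records(mem: bytes) -> list:
    """Signature-carve process records from a raw memory image (no OS APIs inside the guest needed)."""
    found = []
    pos = mem.find(MAGIC)
    while pos != -1 and pos + RECORD_SIZE <= len(mem):
        _magic, pid, vm_id, comm = struct.unpack_from(RECORD, mem, pos)
        name = comm.split(b"\x00", 1)[0].decode("ascii", "replace")
        found.append(ProcessRecord(vm_id=vm_id, pid=pid, comm=name))
        pos = mem.find(MAGIC, pos + RECORD_SIZE)
    return found


def group_by_vm(records: list) -> dict:
    """Group carved records by guest, giving a per-VM process list as evidence."""
    by_vm = {}
    for r in records:
        by_vm.setdefault(r.vm_id, []).append(r)
    return by_vm


def detect_anomalies(records: list, baseline: dict) -> list:
    """Flag processes whose name is absent from that VM's baseline (unknown VM: everything flagged)."""
    return [r for r in records if r.comm not in baseline.get(r.vm_id, set())]


if __name__ == "__main__":
    mem = build_sample_memory()
    recs = carve_process_records(mem)
    for vm_id, procs in sorted(group_by_vm(recs).items()):
        print(f"VM {vm_id}: " + ", ".join(f"{p.pid}:{p.comm}" for p in procs))
    for a in detect_anomalies(recs, BASELINE):
        print(f"ALERT vm={a.vm_id} pid={a.pid} comm={a.comm} not in baseline")
```

The point of the structure is that everything is derived from one read of host memory: the guest is never asked for its own process list, so a compromised guest kernel cannot hide from or tamper with the agent's view, which is what makes the extracted information usable as evidence.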