Abstract: With the cloud technology is widely used in the field of computer networking, security, audit and e-discovery needs of cloud environments is increasingly urgent. As the cloud with traditional computer forensics evidence is quite different in the forensic environment, obtaining evidence and evidence analysis, the current lack of effective methods for cloud forensics and electronic techniques, the cloud system as an information system, which was auditability can not be guaranteed. This paper presents a new set of cloud forensics systems for infrastructure IaaS cloud services, data collection terminals through cloud system virtual machine monitor and actively collect evidence, and the evidence collected will be stored centrally in one place, forensics system Real-time forensics, evidence preservation features centralized cloud environment can effectively deal with volatile evidence, the evidence difficult to extract features, to achieve efficient forensics.

Key words: cloud forensics, IaaS cloud service, dynamic forensics, evidence preservation