|Project Description: ||Information security is a growing concern for governments, companies, and people who base their day to day activities on computers. There are different motivations for security attacks, and they can originate from external sources such as hacker attacks, or employees from within the organization. One of the most important sources of evidence for a forensic investigator is the security logs that contain much of the activity happening in the computer infrastructure. High level hackers have the ability to delete this evidence after they have committed their crime. This situation can lead any investigation to a death end. Another current development affecting information technology is Cloud Computing, which is based on Virtual environments. Virtualization is a recent trend that besides a reduction in costs, and improvement in the efficiency of hardware resources use, also offers some benefits in terms of security. The purpose of this research project is to demonstrate the capabilities of well known forensic tools to recover log files after they have been deliberately erased. The forensic analysis is performed in a virtual server containing the security logs.