Forensic analysis in the context of physical evidence is a relatively mature field. The computerization of society has led to the emergence of digital forensics and now the popularity of cloud computing has sparked interest into cloud forensics. The authors' goal in this paper is to enable cloud forensics, by using the theory of abstraction layers to describe the purpose and goals of Virtual Machine (VM) forensic digital examination analysis tools. Using VM abstraction as a meta abstraction layer, they identify how VM log forensic audit tools by generalization can introduce errors and provide requirements that such tools must follow to avoid these errors. Categories of VM log forensic analysis types are also defined based on the VM abstraction layers.