Towards a practical cloud forensics logging framework
MetadataShow full item record
This paper exposes and explore the practical issues with the usability of log artefacts for digital forensics in cloud computing. Logs, providing detailed events of actions on a time scale have been a prime forensic artefact. However collection of logs for analysis, from a cloud computing environment is complex and challenging task, primarily due to the volatility, multi-tenancy, authenticity and physical storage locations of logs, which often results in jurisdictional challenges too. Diverse nature of logs, such as network logs, system logs, database logs and application logs produces additional complexity in the collection and analysis for investigative purposes. In addition there is no commonality in log architecture between cloud service providers, nor the log information fully meets the specific needs of forensic practitioners. In this paper we present a practical log architecture framework, analyse it from the perspective and business needs of forensic practitioners. We prove the framework on an ownCloud - a widely used open source platform. The log architecture has been assessed by validating it against the Association of Chief Police Officers Good Practice Guide for Computer-Based Electronic Evidence guidelines. Further validation has been done against the National Institute of Standards and Technology published report on Cloud Computing Forensic Challenges, i.e., NISTIR 8006. Our work helps the forensic examiners and law enforcement agencies in establishing confidence in log artefacts and easy interpretation of logs by presenting it in a user friendly way. Our work also helps the investigators to build a collective chain of evidence as well as the Cloud Service Providers to provision forensics enabled logging.
Showing items related by title, author, creator and subject.
Pichan, A.; Lazarescu, Mihai; Soh, S. (2015)Cloud computing is arguably one of the most significant advances in information technology (IT) services today. Several cloud service providers (CSPs) have offered services that have produced various transformative changes ...
Pichan, Ameer (2022)Rapid growth in Cloud computing and Internet of Things (IoT) introduces new vulnerabilities that can be exploited to mount cyber-attacks. Digital forensics investigation is commonly used to find the culprit and help expose ...
Alhamad, Mohammed (2011)Cloud computing has changed the strategy used for providing distributed services to many business and government agents. Cloud computing delivers scalable and on-demand services to most users in different domains. However, ...