Cloud Log Forensics Metadata Analysis

Thorpe, Sean; Ray, Indrajit; Grandison, Tyrone; Barbir, Abbie

doi:10.1109/compsacw.2012.44

Cited by 19 publications

(12 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although, this is possible with copies of a virtual machine within a privately managed cloud, it requires additional evidence for say a storage device like Amazon's Simple Storage Solution (S3). If one assumes that the providers retains the IaaS, PaaS and SaaS logs of what files are deleted , who deleted them, and when and where they were deleted that could be useful metadata even if the content proves unrecoverable [11].…”

Section: Cloud Forensicsmentioning

confidence: 99%

Cloud computing log forensics-the new frontier

Thorpe

Grandison

Blake

2014

Ieee Southeastcon 2014

Self Cite

View full text Add to dashboard Cite

Cloud computing is becoming commonplace in industry. With this rise in adoption and use, there is a growing requirement to enable forensic investigators to collect, analyze and produce evidence that can be used in court cases. Unfortunately, traditional and digital forensics techniques cannot be directly applied to the cloud computing paradigm. In this paper, we explore the need created by cloud computing log forensics, discuss the issues involved, and highlight the unsolved research challenges in the space.

show abstract

Section: Cloud Forensicsmentioning

confidence: 99%

Cloud computing log forensics-the new frontier

Thorpe

Grandison

Blake

2014

Ieee Southeastcon 2014

Self Cite

View full text Add to dashboard Cite

show abstract

“…The limitation of this approach is that user needs to depend on CSP to acquire the evidence. Thorpe et al introduces the survey on high‐level trust arises in acquiring log forensic evidence from VM host OS within the data cloud . The data acquisition, in particular, the hypervisor system logs, is used to track VM instances to compile potential evidence for cloud investigations.…”

Section: Related Workmentioning

confidence: 99%

Secure logging scheme for forensic analysis in cloud

Sree

Bhanu

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary Cloud computing has emerged as a prominent technology that provides reliable on‐demand cloud services to users. Among the various kind of attacks, Distributed Denial of Service (DDoS) attack is one of the major application layer attacks that target the resources and services running in the cloud. Due to the distributed nature of attacks or crimes in the cloud, the evidence are collected from various components such as the router, switches, hard disk, log traces, and virtual machines. An attacker may collude with the cloud provider or investigators to tamper the log files or by inserting false information or by deleting the malicious activity logs altogether by leaving no trace. Hence, security is the major concern in cloud wherein investigation of crimes and attacks are very difficult. Collecting logs from the cloud providers is very hard since many users share the same network resources and the investigators rely on the providers to access the information. Therefore, in order to preserve the confidentiality, integrity, and authentication of logs, secure logging scheme is proposed to preserve the logs for forensic investigation. This paper highlights the secure logging scheme by extracting the features from logs of all virtual machine instances by double encryption scheme and also deals the integrity of the logs using hashing and verifies the signatures using Bloom filter–based R tree (BR tree). Furthermore, the verification is performed using Shamir Secret Sharing (SSS) scheme, and it is responsible for sharing the secret (private) keys to all the three parties, ie, user, investigator, and cloud providers. It is inferred from the experimental results that the proposed scheme requires minimal log processing time, minimal verification time for inserting logs, stores logs in time, and space efficient manner and scalable than existing methods.

show abstract

“…However, in this section, we target the literature that discusses digital forensics of distributed applications based on virtualisation as in Belorkar and Geethakumari (2011), Delport and Olivier (2012), Dykstra and Sherman (2013), Jawale and Narayanan (2011), Quick and Choo (2013) and Thorpe et. al.…”

Section: Virtulisationmentioning

confidence: 99%

“…(2012). Given the correlation between Dimension II and III and to avoid repetition, Delport and Olivier (2012), Dykstra and Sherman (2013) and Thorpe et. al.…”

Section: Virtulisationmentioning

confidence: 99%

A State-Of-The-Art Review of Cloud Forensics

Almulla

Iraqi

Jones

2014

JDFSL

View full text Add to dashboard Cite

Cloud computing and digital forensics are emerging fields of technology. Unlike traditional digital forensics where the target environment can be almost completely isolated, acquired and can be under the investigators control; in cloud environments, the distribution of computation and storage poses unique and complex challenges to the investigators. Recently, the term "cloud forensics" has an increasing presence in the field of digital forensics. In this state-of-the-art review, we included the most recent research efforts that used "cloud forensics" as a keyword and then classify the literature into three dimensions: (1) survey-based, (2) technology-based and (3) forensics-procedural-based. We discuss widely accepted standard bodies and their efforts to address the current trend of cloud forensics. Our aim is not only to reference related work based on the discussed dimensions, but also to analyse them and generate a mind map that will help in identifying research gaps. Finally, we summarize existing digital forensics tools and the available simulation environments that can be used for evidence acquisition, examination and cloud forensics test purposes.

show abstract

Cloud Log Forensics Metadata Analysis

Cited by 19 publications

References 3 publications

Cloud computing log forensics-the new frontier

Cloud computing log forensics-the new frontier

Secure logging scheme for forensic analysis in cloud

A State-Of-The-Art Review of Cloud Forensics

Contact Info

Product

Resources

About