Towards a practical cloud forensics logging framework
This paper exposes and explores the practical issues with the usability of log artefacts for digital forensics in cloud computing. Logs, providing detailed events of actions on a time scale, have been a prime forensic artefact. However, collection of logs for analysis from a cloud computing environmen...
| Main Authors: | Pichan, A.; Lazarescu, Mihai; Soh, Sie Teng |
|---|---|
| Format: | Journal Article |
| Published: | 2018 |
| Online Access: | http://hdl.handle.net/20.500.11937/72956 |
| _version_ | 1848762886079381504 |
|---|---|
| author | Pichan, A.; Lazarescu, Mihai; Soh, Sie Teng |
| author_facet | Pichan, A.; Lazarescu, Mihai; Soh, Sie Teng |
| author_sort | Pichan, A. |
| building | Curtin Institutional Repository |
| collection | Online Access |
| description | This paper exposes and explores the practical issues with the usability of log artefacts for digital forensics in cloud computing. Logs, providing detailed events of actions on a time scale, have been a prime forensic artefact. However, collection of logs for analysis from a cloud computing environment is a complex and challenging task, primarily due to the volatility, multi-tenancy, authenticity and physical storage locations of logs, which often results in jurisdictional challenges too. The diverse nature of logs, such as network logs, system logs, database logs and application logs, produces additional complexity in the collection and analysis for investigative purposes. In addition, there is no commonality in log architecture between cloud service providers, nor does the log information fully meet the specific needs of forensic practitioners. In this paper we present a practical log architecture framework and analyse it from the perspective and business needs of forensic practitioners. We prove the framework on ownCloud, a widely used open source platform. The log architecture has been assessed by validating it against the Association of Chief Police Officers Good Practice Guide for Computer-Based Electronic Evidence guidelines. Further validation has been done against the National Institute of Standards and Technology published report on Cloud Computing Forensic Challenges, i.e., NISTIR 8006. Our work helps forensic examiners and law enforcement agencies in establishing confidence in log artefacts and in easy interpretation of logs by presenting them in a user-friendly way. Our work also helps investigators to build a collective chain of evidence, as well as Cloud Service Providers to provision forensics-enabled logging. |
| first_indexed | 2025-11-14T10:54:41Z |
| format | Journal Article |
| id | curtin-20.500.11937-72956 |
| institution | Curtin University Malaysia |
| institution_category | Local University |
| last_indexed | 2025-11-14T10:54:41Z |
| publishDate | 2018 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | curtin-20.500.11937-72956 2019-03-06T07:19:49Z Towards a practical cloud forensics logging framework Pichan, A.; Lazarescu, Mihai; Soh, Sie Teng This paper exposes and explores the practical issues with the usability of log artefacts for digital forensics in cloud computing. Logs, providing detailed events of actions on a time scale, have been a prime forensic artefact. However, collection of logs for analysis from a cloud computing environment is a complex and challenging task, primarily due to the volatility, multi-tenancy, authenticity and physical storage locations of logs, which often results in jurisdictional challenges too. The diverse nature of logs, such as network logs, system logs, database logs and application logs, produces additional complexity in the collection and analysis for investigative purposes. In addition, there is no commonality in log architecture between cloud service providers, nor does the log information fully meet the specific needs of forensic practitioners. In this paper we present a practical log architecture framework and analyse it from the perspective and business needs of forensic practitioners. We prove the framework on ownCloud, a widely used open source platform. The log architecture has been assessed by validating it against the Association of Chief Police Officers Good Practice Guide for Computer-Based Electronic Evidence guidelines. Further validation has been done against the National Institute of Standards and Technology published report on Cloud Computing Forensic Challenges, i.e., NISTIR 8006. Our work helps forensic examiners and law enforcement agencies in establishing confidence in log artefacts and in easy interpretation of logs by presenting them in a user-friendly way. Our work also helps investigators to build a collective chain of evidence, as well as Cloud Service Providers to provision forensics-enabled logging. 2018 Journal Article http://hdl.handle.net/20.500.11937/72956 10.1016/j.jisa.2018.07.008 restricted |
| spellingShingle | Pichan, A. Lazarescu, Mihai Soh, Sie Teng Towards a practical cloud forensics logging framework |
| title | Towards a practical cloud forensics logging framework |
| url | http://hdl.handle.net/20.500.11937/72956 |