Title
Digital forensics cloud log unification: Implementing CADF in Apache CloudStack
Abstract
Cloud computing is an important step in our era, delivering many advantages in business and our daily life. However, as with every new technology, various challenges are brought to light, one of them being the misuse of Cloud computing environments for criminal activities. As such, Cloud service providers have to establish adequate forensic capabilities in order to support forensics investigations in the event of illegal activities in the cloud. In order to help forensics investigations, this paper deals with log format unification in cloud platforms using the Distributed Management Task Force's (DMTF) Cloud Auditing Data Federation (CADF) standard. CADF event logging is utilised in the widely used OpenStack, and we have modified the Apache CloudStack platform to become forensically sound. Furthermore, we investigated the existing CloudStack platform along with the proposed CADF event model implemented, with regard to the principles of the Association of Chief Police Officers (ACPO) on handling digital evidence. The results are provided in this paper, as well as an automated parsing tool/CADF event consumer, named C.Lo.D, which is freely available and can be downloaded from GitHub.
Year: 2020
DOI: 10.1016/j.jisa.2020.102555
Venue: Journal of Information Security and Applications
Keywords: Cloud computing, Computer crime, Forensics, Cloud Auditing Data Federation, CADF, CloudStack
DocType: Journal
Volume: 54
ISSN: 2214-2126
Citations: 0
PageRank: 0.34
References: 0
Authors: 4
Name
Order
Citations
PageRank
Dalezios Nikolaos100.34
Stavros N. Shiaeles25212.27
Kolokotronis Nicholas300.34
B. V. Ghita47324.16