Analysis and Design of a Secured FRAMEWORK for the Forensics Logs in Cloud COMPUTING EnvirONMENT

Abstract

iii newlineAbstract newlineCloud computing has been popularly adopted by the government organizations, newlinecom- mercial and public entities due to the significant economic benefits delivered by newlineit. The security issues faced in the different layers of the cloud is a major concern of newlineevery single user who employs cloud. Due to the issues in security layers of cloud newlinecomputing environ- ment, it has become a favorable environment for the cyber newlinecriminals to perform crimes. The forensic investigators face major problems in newlinecollecting the evidences due to the dy- namic and distributed nature of cloud. The newlineability of cloud forensics investigators to carry out the investigation depends newlinecompletely on the tools and methods used to acquire the appropriate digital evidence newlinefrom a device. The current digital forensic methods, tools and framework used to newlineconduct a digital investigation cannot meet the requirements and the standards for the newlinenew technologies deployed on cloud environment. During an inci- dent response newlineinvolving the cloud, logs play a very crucial role is finding the evidences of past newlinecrimes. Logs are commonly congregated by the cloud service providers or by some newlinethird party layers which are governed by the cloud service providers. Present-day newlineinfrastructures and procedures can have main issues of evidence integrity and newlinerepudiation while investigating cloud-based crime. Security of the logs is a crucial issue newlineas the logs can be tampered accidentally or intentionally by an employee in the cloud newlineservice provider s organization or by the forensic investigator, thus maligning the newlineevidence in case a cyber- crime, is committed through the cloud service provider s newlineinfrastructure. The malicious oppugner can also conspire with the cloud service newlineprovider or the forensic investigator to erase or malign the logs that are generated for newlineone s own criminal activity. newlineTo address such issues, a framework is developed which generates the virtual instance newlinelogs and aids in verifying whether the logs are tampered or not. Verification process newlineconfirms tha