DOI: http://dx.doi.org/10.26483/ijarcs.v9i1.5373
Volume 9, No. 1, January-February 2018
International Journal of Advanced Research in Computer Science
REVIEW ARTICLE
Available Online at www.ijarcs.info
ISSN No. 0976-5697

SECURE LOG FORENSICS AS A SERVICE IN CLOUD COMPUTING

Varsha Tak, Dept. of CSE, Sardar Patel University of Police, Security & Criminal Justice, Jodhpur, India
Rajendra Kachhwaha, Dept. of CSE, MBM Engineering College, Jai Narain Vyas University, Jodhpur, India
Ram Niwash Mahia, Dept. of ECE, MBM Engineering College, Jai Narain Vyas University, Jodhpur, India

Abstract—With the advent of the internet and related technology, cloud computing has become globally accepted for almost every service in industry. With this huge escalation in adoption, the cloud environment is exposed to attackers through a large attack surface. There is therefore an urgent need to enable forensic investigators to collect, analyze and produce evidence from the cloud environment that can be used in court cases. Logs hold useful data about the activities and events of systems and networks, and this information is very valuable for proving attacks in court. Logs therefore require protection, and their integrity, confidentiality and security must be maintained. Log messages are collected and analyzed from different sources such as routers, switches, virtual machines, firewalls and operating systems; these logs are categorized with regular expressions and stored in a particular encrypted format. To overcome threats, reduce cost and improve security, an organization should move this process towards the cloud. Using cloud-based log forensics, an investigator can easily gather the logs and conduct the investigation. In a cloud computing environment, logs are also used in forensics to prove attacks and to increase confidentiality.

Index Terms—Cloud Computing, Cloud Security, Log Management, Cloud Forensics, Log Forensics

I. INTRODUCTION

Cloud computing is a computational model in which on-demand resources and storage are provided at a very low cost in a very elastic and efficient manner. A cloud user performs various activities as required in the cloud environment, and those activities are recorded in log files; the process of this recording is known as logging. Log files provide a wide range of information about user activity, servers, networks, operating systems, firewalls, etc. Using log files, we can optimize the performance of a system or network, perform network monitoring and investigate malicious behavior [1]. This information is very useful for cloud forensics.

This paper discusses the logs generated at various events, which play a big role in investigating and securing the cloud infrastructure. Section II defines the various logging modes and the types of logs, such as user activity, server and network activity in the cloud. Sections III and IV define the architecture models of cloud computing and forensics. Section V discusses previous related work in this field. Section VI gives the conclusion.

II. VARIOUS KINDS OF LOGS

Log files contain the sequential steps performed during execution and are stored using different logging methods. Logging is mainly used for monitoring the system and can also be used for investigation purposes. There are different logging methods, such as linear logging and circular logging.

A. Linear Logging

This method stores the log files in a linear, sequential manner in system memory. Linear logging treats system memory as if it had unbounded space: logs are stored without overwriting the previous logs. Whenever system memory is exhausted, old log files are moved to another storage location.

B. Circular Logging

In this method, log files are stored in a circular manner, in the same way as a circular queue.
A predefined memory space is used; once writing reaches the end of that space, it automatically wraps around and overwrites from the starting point, then continues storing the new files. To acquire the previous and past logs, it is necessary to identify which type of logging technique was used and also to check the log file format. There are different sources from which a user can gather logs, such as virtual machine logs, firewall logs, network logs, setup logs, system logs and application logs.

III. CLOUD COMPUTING ARCHITECTURE

Cloud computing provides virtual space to store data and also provides access from anywhere. In cloud computing, we depend heavily on CSPs to obtain logs and to carry out forensic investigation in the cloud [2][9]. Logs are based on the three service models of the cloud: SaaS, PaaS and IaaS [9].

A. Software as a Service (SaaS)

All services and application resources are provided by the cloud service provider. Cloud consumers have no control over the SaaS platform; a user can only manage the provided resources as is convenient for him. Cloud users have the least
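Returning to the two logging modes of Section II, the following is an added example (not code from the paper) that writes the same constructed event stream into a linear log with rollover to a second store and into a circular log of the same capacity, and shows what each lets an investigator recover. The capacity, the event strings and the class names are assumptions.

```python
# Added illustration (not from the paper): linear vs. circular logging; events are constructed.

class LinearLog:
    """Linear logging: append-only. When the active store fills, old entries
    are moved to a second store (archive) rather than overwritten."""
    def __init__(self, capacity: int):
        self.capacity, self.active, self.archive = capacity, [], []

    def write(self, entry: str) -> None:
        if len(self.active) >= self.capacity:
            self.archive.extend(self.active)  # move old logs to other memory
            self.active = []
        self.active.append(entry)

    def recover(self) -> list:
        """Everything ever written, oldest first."""
        return self.archive + self.active


class CircularLog:
    """Circular logging: fixed-size ring; the write pointer wraps around and
    overwrites the oldest slot once the predefined space is full."""
    def __init__(self, capacity: int):
        self.capacity, self.slots = capacity, [None] * capacity
        self.pos, self.written = 0, 0  # next slot to write; total ever written

    def write(self, entry: str) -> None:
        self.slots[self.pos] = entry
        self.pos = (self.pos + 1) % self.capacity
        self.written += 1

    def recover(self) -> list:
        """Chronological order from the raw ring: after a wrap the oldest
        surviving entry sits at the write pointer, not at index 0."""
        if self.written < self.capacity:
            return self.slots[: self.written]
        return self.slots[self.pos:] + self.slots[: self.pos]

    def lost(self) -> int:
        """Entries overwritten by the wrap-around and no longer recoverable."""
        return max(0, self.written - self.capacity)


def replay(log, events):
    """Write the events into a log in order and return what survives."""
    for e in events:
        log.write(e)
    return log.recover()


# Constructed sample: seven firewall events written into logs of capacity 4.
EVENTS = [f"fw: event {i}" for i in range(1, 8)]
```

With capacity 4, the linear log returns all seven events while the circular log returns only events 4 to 7 and reports three as lost; reading the ring from index 0 instead of the write pointer would also present the surviving events out of order.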