Abstract
Background: Gathering and scrutinizing the different types of logs are vital steps in the forensic domain. Logs are commonly gathered by the cloud service providers or by third-party layers which are governed by the cloud service providers. Security of the logs is a crucial issue, as the logs can be tampered with, accidentally or intentionally, by an employee in the cloud service provider’s organization or by the forensic investigator.
Objective: The designed algorithm assists in verifying whether the virtual instance logs have been tampered with, accidentally or intentionally. The verification process confirms that the confidentiality and integrity of the logs remain intact. Verification of the potential evidence for past logs is normally carried out by the forensic investigator and the auditor.
Methods: The uniqueness of the research conducted in this paper is a technique that employs the cuckoo filter, which helps in proving the integrity of the potential evidence for past logs at a faster pace. The probabilistic data structures, the cuckoo filter and the Bloom filter, also support the concealment of logs.
Results: The implemented system and the results observed in it are very promising in the cloud forensic domain. The performance of the algorithm is better than that of the earlier system implemented with the log chain and the database.
Conclusion: The secure framework designed in this research paper aids in proving the integrity of the virtual instance logs. The evidence verification process also supports concealment of data.
Keywords: Cloud forensic, cuckoo filter, integrity, confidentiality, false positives, virtual instances.
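The abstract does not give the algorithm itself, so the following is an added illustration and not the paper's implementation: a small cuckoo filter that stores only short fingerprints of log entries (concealment) and lets an investigator check whether presented entries were ever logged (integrity). The class, function names, parameters and sample log lines are all assumptions made for this example.

```python
import hashlib

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

class CuckooFilter:
    """Holds 16-bit fingerprints, never log text; n_buckets must be a power of two."""
    def __init__(self, n_buckets=1024, bucket_size=4, max_kicks=500):
        self.n, self.b, self.max_kicks = n_buckets, bucket_size, max_kicks
        self.buckets = [[] for _ in range(n_buckets)]

    def _place(self, item: bytes):
        fp = hashlib.sha256(b"fp" + item).digest()[:2]
        i1 = _h(item) % self.n
        return fp, i1, (i1 ^ _h(fp)) % self.n  # XOR makes the two indexes symmetric

    def insert(self, item: bytes) -> bool:
        fp, i1, i2 = self._place(item)
        for i in (i1, i2):
            if len(self.buckets[i]) < self.b:
                self.buckets[i].append(fp)
                return True
        for kick in range(self.max_kicks):  # both full: evict, starting from i2
            slot = kick % self.b  # deterministic victim; real filters pick at random
            fp, self.buckets[i][slot] = self.buckets[i][slot], fp
            i = (i ^ _h(fp)) % self.n  # evicted fingerprint moves to its other bucket
            if len(self.buckets[i]) < self.b:
                self.buckets[i].append(fp)
                return True
        return False  # table too full: size it for the expected log volume

    def contains(self, item: bytes) -> bool:
        # A miss is definite; a hit can be a false positive (at most ~2*b / 2**16).
        fp, i1, i2 = self._place(item)
        return fp in self.buckets[i1] or fp in self.buckets[i2]

LOGS = [  # constructed sample virtual-instance log lines, not from the paper
    b"2024-01-05T10:00:01Z vm-17 sshd: accepted publickey for alice from 10.0.0.5",
    b"2024-01-05T10:02:44Z vm-17 sudo: alice ran /usr/bin/systemctl restart nginx",
    b"2024-01-05T10:07:13Z vm-17 sshd: session closed for alice",
]

def build_filter(entries) -> CuckooFilter:
    cf = CuckooFilter()
    if not all(cf.insert(e) for e in entries):
        raise RuntimeError("filter full")
    return cf

def unverified(cf: CuckooFilter, entries) -> list:
    return [e for e in entries if not cf.contains(e)]  # altered or never logged
```

An entry returned by `unverified` is definitely not in the filter; an entry that passes is present only up to the filter's false-positive rate, which is why the fingerprint length matters for evidentiary use.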