Secure Logging Monitor Service for Cloud Forensics

Logs are one of the most important pieces in forensics, which can be leveraged to extract critical evidences or help drastically speed up the investigation. Nevertheless, collecting the logs from cloud infrastructure is extremely difficult, since the investigators almost totally lack of control over the cloud. In this work, we introduce the notion of secure logging monitor service, which is deployed in the cloud and generates integrity proofs of cloud logs in real time. Once a proof entry has been produced, a dishonest cloud service provider (CSP) even colludes with the investigator, can't fake or remove the corresponding logs without being detected. Compared with related works, the proposed scheme can simultaneously meet the most major requirements of cloud forensics, including the integrity of log evidences, privacy protection and low computational burden.