A Novel HIDS and Log Collection Based System for Digital Forensics in Cloud Environment

Nowadays, cloud computing has become an emerging and widely used technology throughout the world on account of its dynamic, reliable and customizable quality of service. However, at the same time, the security problem of cloud environment is attracted more and more attentions from academia and industry. In many concerns regarding cloud computing security, the digital forensic is a hot topic. Compared with traditional digital forensic on common digital devices and hardware, it is difficult to implement digital forensic in cloud because it is very hard to collect logs from cloud environment. In this paper, we try to design a new system to address the issue of digital forensic in cloud environment. We use a new architecture to help investigators performing the log collection. Firstly, a Host-based Intrusion Detection System (HIDS) is introduced to secure the data in cloud from malicious attacks of intruders. Then, based on the feedback results of HIDS, one web server generates email alerts and Secure Shell (SSH) message to restrict further suspicious activities. Finally, the digital forensic investigators can collect reliable evidence of suspected user. In this way, HIDS and log collection will be significant part for digital forensic in cloud environment.