Event correlation in cloud: a forensic perspective

Bibliographic Details
Published in: Computing 2016-11, Vol.98 (11), p.1203-1224
Main Authors: Kumar Raju, B. K. S. P., Geethakumari, G.
Format: Article
Language: English
Description
Summary: Forensic investigation in cloud computing systems faces various legal, technical and organizational challenges. In this work, we focus on the technical issues of cloud forensics, specifically event correlation—a technique used to expose the relation between two or more cloud events. Event correlation in cloud is relatively at its early stages. We categorize the cloud event correlation into two stages. In the first stage, we consider the events from the perspective of a single artifact and perform correlation (homogeneous correlation). In the second stage, we collect the events from multiple artifacts and then perform correlation (heterogeneous correlation). The proposed approach helps automate the detection of incidents from cloud evidence and also speeds up the event interpretation process by the investigator.
ISSN: 0010-485X, 1436-5057
DOI: 10.1007/s00607-016-0500-2