DocumentCode
3122417
Title
Digital Forensics for Eucalyptus
Author
Zafarullah ; Anwar, Faiza ; Anwar, Zahid
Author_Institution
Sch. of Electr. Eng. & Comput. Sci. (SEECS), Nat. Univ. of Sci. & Technol. (NUST), Islamabad, Pakistan
fYear
2011
fDate
19-21 Dec. 2011
Firstpage
110
Lastpage
116
Abstract
Cloud computing is a computing paradigm that shifts drastically from traditional computing architecture. Although this new computing paradigm brings many advantages, such as the utility computing model, the design is not flawless: it not only suffers from many known computer vulnerabilities but also introduces unique information confidentiality, integrity and availability risks due to its inherent design paradigm. As a result, digital forensics, which relies heavily on physical access to computing devices and application logs, has become one of the biggest challenges in cloud environments due to the non-availability of physical access to computing devices and application logs. As we will see, this paper highlights many of the digital forensics issues in cloud environments and tries to address some of these forensics issues by identifying possible Syslog or Snort logs that can help in detecting cloud attacks or conducting digital forensics in cloud environments, by analyzing logs generated by the open source cloud computing software Eucalyptus. As we will see in the paper, we neither had access to a Eucalyptus log dataset, nor was it known that any such dataset existed that could be analyzed offline for digital forensics purposes. Thus we generated our own dataset by attacking Eucalyptus with many of the known cloud attacks and then analyzed the resultant dataset to identify possible log entries that could identify cloud attacks or help in conducting digital forensics in cloud environments.
Keywords
authorisation; cloud computing; computer forensics; data integrity; Eucalyptus software; Snort log; Syslog; application log physical access; cloud attack; cloud computing; computing device physical access; digital forensics; information availability risk; information confidentiality; information integrity; utility computing model; Cloud computing; Computer crime; Digital forensics; Linux; Process control; Cloud Attacks; Cloud Computing; Cloud Logs; Digital Forensics in Clouds; Distributed Computing; Eucalyptus; Snort; Syslog;
fLanguage
English
Publisher
ieee
Conference_Titel
Frontiers of Information Technology (FIT), 2011
Conference_Location
Islamabad
Print_ISBN
978-1-4673-0209-8
Type
conf
DOI
10.1109/FIT.2011.28
Filename
6137129