Augmenting the Operations on Cloud Virtual Forensic Data by employing Probabilistic Data Structures
Gathering and scrutinizing the different types of logs are the vital steps in the forensic domain. Logs are commonly gathered by the cloud service providers or by some third party layers governed by the cloud service providers. Security of the logs is a crucial issue as the logs can be tampered accidentally or intentionally by an employee in the cloud service provider’s organization or by the forensic investigator, thus maligning the evidence in case a cyber-crime, is committed through the cloud service provider’s infrastructure. The malicious attacker can also conspire with the cloud service provider or the forensic investigator to erase or malign the logs that are generated for one’s own criminal activity. To address such issues, a method is recommended which verifies the tampering of the virtual instance logs, Verification process confirms that the confidentiality and integrity of the logs remains intact. The log integrity is proved by log chains which are created in the implemented system and by the potential electronic evidence of past logs which are posted by the cloud service provider. The proposed system aids in performing the reasonable verifications that the cloud service provider or the forensic investigator is not tampering the logs. The novelty of the research conducted in this paper is a technique which applies the cuckoo filter, to the forensic logs which is supportive in proving the integrity of the evidences at a faster pace in comparison to the other filters.