A Prototype Implementation of Log Acquisition in Private Cloud Environment

When attackers try to gain access to cloud infrastructure, platform, or service, cloud forensics must be performed to find out that who is behind the attack. To perform forensics in cloud environment, we need to identify and to analyze potential evidences, network traffic, registry, web browser history. Log acquisition is the process to collect log from available sources such as operating system logs, virtual machine logs, and service provider logs. Each log file contains many pieces of information that can be invaluable if you know how to read them, and how to analyze data from a perimeter defense view point to identify scans, intrusion attempts, misconfigured equipment, and other noteworthy items. In this paper, we have implemented a dashboard to observe log files which can be used as monitoring, compliance and audit, and an improvement in defense mechanism for a private cloud environment using Eucalyptus. These log files are collected and stored in database, and monitored as well. At last, we present research challenges in data acquisition for cloud computing environment.