{"title":"Real time monitoring of security events for forensic purposes in Cloud environments using SIEM","authors":"Imane Bachane, Youness Idrissi Khamlichi Adsi, Habiba Chaoui Adsi","doi":"10.1109/SYSCO.2016.7831327","DOIUrl":null,"url":null,"abstract":"The use of Cloud computing keeps increasing day after day due to the unique combination of characteristics that the cloud introduce, including: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. Though, from forensics experts' point of view, many challenges are faced when responding to incidents that have occurred in a cloud computing ecosystem. This paper examines some of the challenges in cloud forensics identified in the current research literature. Furthermore, it discusses an approach offered by researchers aiming to resolve forensics need in cloud computing. Finally, it presents a new approach for forensics investigation in the cloud based on SIEM by providing real time monitoring of security events and storing this events in order to use it as evidences in investigations.","PeriodicalId":328833,"journal":{"name":"2016 Third International Conference on Systems of Collaboration (SysCo)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Third International Conference on Systems of Collaboration (SysCo)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYSCO.2016.7831327","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 10
Abstract
The use of cloud computing keeps increasing day after day due to the unique combination of characteristics that the cloud introduces, including on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. However, from the forensics expert's point of view, many challenges arise when responding to incidents that have occurred in a cloud computing ecosystem. This paper examines some of the challenges in cloud forensics identified in the current research literature. Furthermore, it discusses an approach offered by researchers aiming to address forensic needs in cloud computing. Finally, it presents a new approach for forensic investigation in the cloud based on SIEM, providing real-time monitoring of security events and storing these events so that they can be used as evidence in investigations.