Digital forensics cloud log unification: implementing CADF in Apache CloudStack

Nikolaos Dalezios, Stavros Shiaeles*, Nicholas Kolokotronis, Bogdan Ghita

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

97 Downloads (Pure)


Cloud computing is an important step in our era, delivering many advantages in business and our daily life. However, as every new technology, various challenges are brought into light with one of them being the misuse of Cloud computing environments for criminal activities. As such, Cloud service providers have to establish adequate forensic capabilities in order to support forensics investigations in the event of illegal activities in the cloud. In order to help forensics investigations, this paper deals with log format unification in cloud platforms using Distributed Management Task Force's (DMTF) Cloud Auditing Data Federation (CADF) standard. CADF event logging is utilised in the widely used OpenStack, and we have modified the Apache CloudStack platform to become forensically sound. Furthermore, we investigated the existing CloudStack platform along with the proposed CADF event model implemented, with regards to the principles of the Association of Chief Police Officers (ACPO) on handling digital evidence. The results are provided in this paper as well as an automated parsing tool/CADF event consumer, named C.Lo.D, which is freely available and can be downloaded from Github.
Original languageEnglish
Article number102555
Number of pages9
JournalJournal of Information Security and Applications
Early online date5 Jun 2020
Publication statusPublished - 1 Oct 2020


  • Cloud computing
  • computer crimes
  • forensics
  • Cloud Auditing Data Federation
  • CADF
  • CloudStack


Dive into the research topics of 'Digital forensics cloud log unification: implementing CADF in Apache CloudStack'. Together they form a unique fingerprint.

Cite this