{"id":"https://openalex.org/W2362941995","doi":"https://doi.org/10.1145/2906149","title":"Cloud Log Forensics","display_name":"Cloud Log Forensics","publication_year":2016,"publication_date":"2016-05-12","ids":{"openalex":"https://openalex.org/W2362941995","doi":"https://doi.org/10.1145/2906149","mag":"2362941995"},"language":"en","primary_location":{"id":"doi:10.1145/2906149","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2906149","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107964469","display_name":"Suleman Khan","orcid":"https://orcid.org/0000-0002-5725-6184"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]},{"id":"https://openalex.org/I57328836","display_name":"North Dakota State University","ror":"https://ror.org/05h1bnb22","country_code":"US","type":"education","lineage":["https://openalex.org/I57328836"]}],"countries":["MY","US"],"is_corresponding":false,"raw_author_name":"Suleman Khan","raw_affiliation_strings":["North Dakota State University, Fargo, USA","University of Malaya, Kuala Lumpur, Malaysia"],"raw_orcid":"https://orcid.org/0000-0002-5725-6184","affiliations":[{"raw_affiliation_string":"North Dakota State University, Fargo, USA","institution_ids":["https://openalex.org/I57328836"]},{"raw_affiliation_string":"University of Malaya, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091401182","display_name":"Abdullah Gani","orcid":"https://orcid.org/0000-0002-4388-020X"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Abdullah Gani","raw_affiliation_strings":["University of Malaya, Kuala Lumpur, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Malaya, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004213577","display_name":"Ainuddin Wahid Abdul Wahab","orcid":"https://orcid.org/0000-0003-1062-0329"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Ainuddin Wahid Abdul Wahab","raw_affiliation_strings":["University of Malaya, Kuala Lumpur, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Malaya, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034687963","display_name":"Mustapha Aminu Bagiwa","orcid":"https://orcid.org/0000-0003-2656-7905"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Mustapha Aminu Bagiwa","raw_affiliation_strings":["University of Malaya, Kuala Lumpur, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Malaya, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069957039","display_name":"Muhammad Shiraz","orcid":"https://orcid.org/0000-0002-0149-7413"},"institutions":[{"id":"https://openalex.org/I40597779","display_name":"Federal Urdu University","ror":"https://ror.org/02b52th27","country_code":"PK","type":"education","lineage":["https://openalex.org/I40597779"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Muhammad Shiraz","raw_affiliation_strings":["Federal Urdu University, Islamabad, Pakistan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal Urdu University, Islamabad, Pakistan","institution_ids":["https://openalex.org/I40597779"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003909640","display_name":"Samee U. Khan","orcid":"https://orcid.org/0000-0001-5640-4942"},"institutions":[{"id":"https://openalex.org/I33849332","display_name":"University of Malaya","ror":"https://ror.org/00rzspn62","country_code":"MY","type":"education","lineage":["https://openalex.org/I33849332"]},{"id":"https://openalex.org/I57328836","display_name":"North Dakota State University","ror":"https://ror.org/05h1bnb22","country_code":"US","type":"education","lineage":["https://openalex.org/I57328836"]}],"countries":["MY","US"],"is_corresponding":false,"raw_author_name":"Samee U. Khan","raw_affiliation_strings":["North Dakota State University, Fargo, USA","University of Malaya, Kuala Lumpur, Malaysia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Dakota State University, Fargo, USA","institution_ids":["https://openalex.org/I57328836"]},{"raw_affiliation_string":"University of Malaya, Kuala Lumpur, Malaysia","institution_ids":["https://openalex.org/I33849332"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014716105","display_name":"Rajkumar Buyya","orcid":"https://orcid.org/0000-0001-9754-6496"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Rajkumar Buyya","raw_affiliation_strings":["University of Melbourne, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015993565","display_name":"Albert Y. Zomaya","orcid":"https://orcid.org/0000-0002-3090-1059"},"institutions":[{"id":"https://openalex.org/I129604602","display_name":"The University of Sydney","ror":"https://ror.org/0384j8v12","country_code":"AU","type":"education","lineage":["https://openalex.org/I129604602"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Albert Y. Zomaya","raw_affiliation_strings":["University of Sydney, NSW, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Sydney, NSW, Australia","institution_ids":["https://openalex.org/I129604602"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":26.2337,"has_fulltext":false,"cited_by_count":79,"citation_normalized_percentile":{"value":0.99477622,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"49","issue":"1","first_page":"1","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.9335455894470215},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7332620024681091},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.4891224503517151},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4636019468307495},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4618609845638275},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4365643262863159},{"id":"https://openalex.org/keywords/cloud-testing","display_name":"Cloud testing","score":0.4116725027561188},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.32925039529800415},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10372543334960938}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.9335455894470215},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7332620024681091},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.4891224503517151},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4636019468307495},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4618609845638275},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4365643262863159},{"id":"https://openalex.org/C120115606","wikidata":"https://www.wikidata.org/wiki/Q5135723","display_name":"Cloud testing","level":4,"score":0.4116725027561188},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.32925039529800415},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10372543334960938}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2906149","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2906149","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.550000011920929,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322604","display_name":"Universiti Malaya","ror":"https://ror.org/00rzspn62"},{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":85,"referenced_works":["https://openalex.org/W6312178","https://openalex.org/W16482292","https://openalex.org/W28494369","https://openalex.org/W97403240","https://openalex.org/W582893026","https://openalex.org/W597074816","https://openalex.org/W966149683","https://openalex.org/W1001337771","https://openalex.org/W1002495726","https://openalex.org/W1427304929","https://openalex.org/W1485766122","https://openalex.org/W1486367002","https://openalex.org/W1494173351","https://openalex.org/W1499669957","https://openalex.org/W1503242180","https://openalex.org/W1506150625","https://openalex.org/W1515052829","https://openalex.org/W1534546243","https://openalex.org/W1858818829","https://openalex.org/W1922956467","https://openalex.org/W1964394804","https://openalex.org/W1969238379","https://openalex.org/W1977367431","https://openalex.org/W1982812618","https://openalex.org/W1983347733","https://openalex.org/W1985190459","https://openalex.org/W1986896180","https://openalex.org/W1991458033","https://openalex.org/W1993586921","https://openalex.org/W1996348431","https://openalex.org/W2001913551","https://openalex.org/W2009426851","https://openalex.org/W2010563114","https://openalex.org/W2013910571","https://openalex.org/W2016608146","https://openalex.org/W2025529089","https://openalex.org/W2025784223","https://openalex.org/W2027380800","https://openalex.org/W2033880120","https://openalex.org/W2048459004","https://openalex.org/W2053321886","https://openalex.org/W2055204629","https://openalex.org/W2057676176","https://openalex.org/W2064656941","https://openalex.org/W2068494081","https://openalex.org/W2087433244","https://openalex.org/W2088341744","https://openalex.org/W2090987777","https://openalex.org/W2091351040","https://openalex.org/W2096993702","https://openalex.org/W2102673514","https://openalex.org/W2103023445","https://openalex.org/W2107616676","https://openalex.org/W2114296561","https://openalex.org/W2116348834","https://openalex.org/W2116913273","https://openalex.org/W2122589245","https://openalex.org/W2124387823","https://openalex.org/W2146840150","https://openalex.org/W2147126284","https://openalex.org/W2149140091","https://openalex.org/W2166205945","https://openalex.org/W2243728652","https://openalex.org/W2275530856","https://openalex.org/W2295872724","https://openalex.org/W2300690913","https://openalex.org/W2318959120","https://openalex.org/W2321995751","https://openalex.org/W2334692458","https://openalex.org/W2337356982","https://openalex.org/W2483198502","https://openalex.org/W2501255170","https://openalex.org/W2538003494","https://openalex.org/W2611869636","https://openalex.org/W2620229640","https://openalex.org/W2620576447","https://openalex.org/W2628759714","https://openalex.org/W2789825598","https://openalex.org/W2912574597","https://openalex.org/W2915118208","https://openalex.org/W3103395557","https://openalex.org/W3125468169","https://openalex.org/W3176743682","https://openalex.org/W4200156619","https://openalex.org/W4236454837"],"related_works":["https://openalex.org/W2614778841","https://openalex.org/W2964505913","https://openalex.org/W3135251114","https://openalex.org/W2523967339","https://openalex.org/W2094091691","https://openalex.org/W3120757426","https://openalex.org/W2576922631","https://openalex.org/W65919655","https://openalex.org/W4230987454","https://openalex.org/W2542700464"],"abstract_inverted_index":{"Cloud":[0],"log":[1,18,45,51,54,67,139,168,188],"forensics":[2],"(CLF)":[3],"mitigates":[4],"the":[5,10,21,30,41,88,93,101,108,114,122,125,144,163],"investigation":[6,169],"process":[7],"by":[8],"identifying":[9],"malicious":[11,115,172],"behavior":[12],"of":[13,24,29,43,48,59,65,79,117,124,127,146,166,203],"attackers":[14],"through":[15],"profound":[16],"cloud":[17,25,34,44,50,53,60,66,72,81,84,89,104,138,149,167,187],"analysis.":[19],"However,":[20],"accessibility":[22],"attributes":[23],"logs":[26,35,85],"obstruct":[27],"accomplishment":[28],"goal":[31],"to":[32,76,112,157,161,184,198,211],"investigate":[33,113,212],"for":[36,110,170,205],"various":[37],"susceptibilities.":[38,189],"Accessibility":[39],"involves":[40],"issues":[42,134],"access,":[46],"selection":[47],"proper":[49],"file,":[52],"data":[55],"integrity,":[56],"and":[57,129,133,148,180,192,195,209],"trustworthiness":[58],"logs.":[61,82],"Therefore,":[62],"forensic":[63],"investigators":[64],"files":[68],"are":[69,151,159,182],"dependent":[70],"on":[71,92],"service":[73],"providers":[74],"(CSPs)":[75],"get":[77],"access":[78],"different":[80,131,186],"Accessing":[83],"from":[86],"outside":[87],"without":[90],"depending":[91],"CSP":[94],"is":[95],"a":[96],"challenging":[97],"research":[98,201],"area,":[99],"whereas":[100],"increase":[102],"in":[103,136],"attacks":[105],"has":[106],"increased":[107],"need":[109],"CLF":[111,128,158,175,204],"activities":[116],"attackers.":[118],"This":[119],"paper":[120],"reviews":[121],"state":[123],"art":[126],"highlights":[130],"challenges":[132,181,194],"involved":[135],"investigating":[137],"data.":[140],"The":[141,174],"logging":[142],"mode,":[143],"importance":[145],"CLF,":[147],"log-as-a-service":[150],"introduced.":[152],"Moreover,":[153],"case":[154],"studies":[155],"related":[156],"explained":[160],"highlight":[162,199],"practical":[164],"implementation":[165],"analyzing":[171],"behaviors.":[173],"security":[176],"requirements,":[177],"vulnerability":[178],"points,":[179],"identified":[183],"tolerate":[185],"We":[190],"identify":[191],"introduce":[193],"future":[196],"directions":[197],"open":[200],"areas":[202],"motivating":[206],"investigators,":[207],"academicians,":[208],"researchers":[210],"them.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":12},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}