NISTIR 7559: Forensics Web Services (FWS) (June 2010) (full-text).
Web services are currently a preferred way to architect and provide complex services. This complexity arises due to the composition of new services and dynamically invoking existing services. These compositions create service inter-dependencies that can be misused for monetary or other gains. When a misuse is reported, investigators have to navigate through a collection of logs to recreate the attack. In order to facilitate this task, the NIST proposes the design and architecture of a forensic web services (FWS) that would securely maintain transactional records between other web services. These secure records can be re-linked to reproduce the transactional history by an independent agency. In this report, the NIST shows the necessary components of a forensic framework for web services.