Development and Design Strategies of Evidence Collection Framework in Cloud Environment

  • Yunus Khan
  • Sunita VarmaEmail author
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 100)


Nowadays, cloud computing is one of the popular and widely used concepts in information technology paradigm. It is committed to improving the IT business technically and economically. On the other hand, digital forensic is the process of collection, identification, preservation, examination, and analysis of data or information for the proof in the court of law as an evidence. It is very difficult and challenging to apply digital forensic operation in a cloud environment because CSPs are dependent on each other either they provide IaaS, PaaS, or SaaS. So the cloud forensic, one of the applications of digital forensic in a cloud environment, is just a subset of network forensic. It is a cross-field of digital forensic and cloud computing. In this paper, we investigate all the research issues, problems, and implementation ethics of cloud forensic from the initial level. We found that lots of issues and challenges are remaining to address in this domain. Some major research domains are architectures, data collection and analysis, anti-forensic, incident first responders, roles and responsibilities, legal, standards, and some learning issues. In our research work, we mainly focus on the data collection and cloud forensic architectures and also implement a cloud forensic framework in the context of cloud service models. This research work is tested using different private cloud solutions such as eucalyptus, OpenNebula, VMware, vCloud, and Hadoop platform. In our research work, we implement pattern search facility using the proposed approach in open-source software called digital forensic framework. We also implement in near future digital forensic triage using Amazon Elastic MapReduce. In this research, we also implement designed and development of forensic method for the PaaS and SaaS delivery models of cloud computing, also apply machine learning principles to design and develop new digital forensic methods, and improve the efficiency of investigation using machine learning algorithms for feature extraction and priority of evidence classification of evidence in virtual machines.


Digital forensic Data collection Evidence segregation Dependency chains IDS Multiple jurisdictions and tenancy IaaS SaaS PaaS SLA Virtual environment VMware 


  1. 1.
    Kaur M, Kaur N, Khurana S (2016) A literature review on cyber forensic and its analysis tools. Int J Adv Res Comput Commun Eng 5(1). ISSN (Online) 2278-1021. ISSN (Print) 2319 5940CrossRefGoogle Scholar
  2. 2.
    Zhou G, Cao Q, Mai Y (2011) Forensic analysis using migration in cloud computing environment. In: Information and management engineering, pp 417–423Google Scholar
  3. 3.
    Zawoad S, Hasan R (2013) Digital forensics in the cloud. In: Securing the cloud. Crosstalk, Sept/Oct. University of Alabama, BirminghamGoogle Scholar
  4. 4.
    Patrascu A, Patriciu VV (2014) Implementation of a cloud computing framework for cloud forensics. In: Proceedings of the 18th international conference on system theory, control and computing, Sinaia, Romania, 17–19 Oct. ISBN 978-1-4799-4601-3/14/$31.00 ©2014 IEEEGoogle Scholar
  5. 5.
    Alqahtany SS (2017) A forensically-enabled IaaS cloud computing architecture. Thesis, University of Plymouth, Jan 2017.
  6. 6.
    Piwari MTM (2016) Digital forensics in the cloud: the reliability and integrity of the evidence gathering process. Thesis, Auckland University of Technology, New ZealandGoogle Scholar
  7. 7.
    Almarzooqi A, Jones A (2016) A framework for assessing the core capabilities of a digital forensic organization. In: IFIP international conference on digital forensics, Jan 2016. Springer International Publishing, pp 47–65Google Scholar
  8. 8.
    Almarzooqi A, Jones A, Howley R (2016) Applying grounded theory methods to digital forensics research. In: The 11th annual ADFSL conference on digital forensics, security and law, May 2016Google Scholar
  9. 9.
    Delport W, Olivier MS, Kohn M (2011) Isolating a cloud instance for a digital forensic investigation. In: Information security South Africa conference (ISSA)Google Scholar
  10. 10.
    Delport W, Olivier MS (2012) Isolating instances in cloud forensics. In: Advances in digital forensic VIII IFIP, vol 383. Springer, Berlin, pp 187–200Google Scholar
  11. 11.
    James JI, Shosha AF, Gladyshev P (2012) Digital forensic investigation and cloud computing. ResearchGate, Dec 2012Google Scholar
  12. 12.
    Dykstra JABS (2013) Digital forensics for infrastructure-as-a-service cloud computing. Dissertation, Faculty of the Graduate School of the University of Maryland, Baltimore CountyGoogle Scholar
  13. 13.
    Daryabar F (2015) Digital forensics framework for investigating client cloud storage applications on smartphones. Thesis, University Putra Malaysia, May 2015Google Scholar
  14. 14.
    Hewling MO (2013) Digital forensics: an integrated approach for the investigation of cyber computer related crime. Thesis, University of BedfordshireGoogle Scholar
  15. 15.
    Chaurasia G (2015) Issues in acquiring digital evidence from cloud. J Forensic Res S3.
  16. 16.
    Karabiyik U (2015) Building an intelligent assistant for digital forensic. Thesis, Florida State UniversityGoogle Scholar
  17. 17.
    Kebande VR, Venter HS (2018) Novel digital forensic readiness techniques in the cloud environment. Aust J Forensic SciGoogle Scholar
  18. 18.
    Mustafa ZS (2016) Assessing the evidential value of artifacts recovered from the cloud. Cranfield UniversityGoogle Scholar
  19. 19.
    Clark P (2011) Digital forensics tool testing image metadata in the cloud. Gjovik University College, NorwayGoogle Scholar
  20. 20.
    Krishnan R (2017) Security and privacy in the cloud computing. Western Michigan UniversityGoogle Scholar
  21. 21.
    Sibiya MG (2015) Digital forensic model for a cloud environment. University of Pretoria, Feb 2015Google Scholar
  22. 22.
    De Marco L (2015) Forensic readiness capability for cloud computing. Università Degli Studi Di SalernoGoogle Scholar
  23. 23.
    Povar D, Geethakumari G (2016) Digital forensic architecture for cloud computing systems: methods of evidence identification, segregation, collection and partial analysis. In: The third international conference on information systems design and intelligent applications-India-2016. Advances in intelligent systems and computing (AISC) seriesGoogle Scholar
  24. 24.
    Manoj SK, Bhaskari DL (2016) Cloud forensics—a framework for investigating cyber attacks in cloud environment. Procedia Comput Sci 85:149–154CrossRefGoogle Scholar
  25. 25.
    Dykstra J, Sherman AT (2012) Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digit Investig 9(Supplement):S90–S98CrossRefGoogle Scholar
  26. 26.
    Alex ME, Kishore R (2016) Forensic model for cloud computing. In: IEEE WiSPNET conferenceGoogle Scholar
  27. 27.
    Pichan A, Lazarescu M, Soh ST (2015) Cloud forensics: technical challenges, solutions and comparative analysis. Digit InvestigGoogle Scholar
  28. 28.
    Roussev V, Ahmed I, Barreto A, McCulley S, Shanmughan V (2016) Cloud forensics—tool development studies and future outlook. Digit InvestigGoogle Scholar
  29. 29.
    Choo KKR, Esposito C, Castiglione A (2017) Evidence and forensics in the cloud: challenges and future research directions. IEEE Cloud ComputGoogle Scholar
  30. 30.
    Alex ME, Kishore R (2017) Forensics framework for cloud computing. Comput Electr EngGoogle Scholar
  31. 31.
    Morioka E, Sharbaf MS (2016) Digital forensics research on cloud computing: an investigation of cloud forensics solutions. IEEE. ISBN 978-1-5090-0770-7Google Scholar
  32. 32.
    Martini B, Choo KKR (2012) An integrated conceptual digital forensic framework for cloud computing. Digit Investig 9:71–80. Journal homepage: Scholar
  33. 33.
    Shah JJ, Malik LG (2013) Cloud forensics: issues and challenges. In: 2013 sixth international conference on emerging trends in engineering and technology. ISBN 978-1-4799-2560-5/13 © 2013 IEEE 2013. IEEE Computer Society.
  34. 34.
    Martini B, Choo KKR (2013) Cloud storage forensics: own cloud as a case study. Digit Investig 17–36Google Scholar
  35. 35.
    Sharevski F (2013) Digital forensic investigation in cloud computing environment: impact on privacy. In: International conference IEEE Louisville chapter 2013, pp 1–6Google Scholar
  36. 36.
    Reichert Z, Richards K, Yoshigoe K (2014) Automated forensic data acquisition in the cloud. In: IEEE international conference computer societyGoogle Scholar
  37. 37.
    Zargari S, Benford D (2012) Cloud forensics: concepts, issues, and challenges. In: 2012 third international conference on emerging intelligent data and web technologies. IEEE Computer Society. ISBN 978-0-7695-4734-3/12 © 2012
  38. 38.
    NIST Cloud Computing Forensic Science Working Group (2014) NIST cloud computing forensic science challenges. Draft NISTIR 8006. Information Technology Laboratory, 23 June 2014Google Scholar
  39. 39.
    U.S. Department of Justice (2015) Research and development in forensic science for criminal justice purposes. OMB No. 1121-0329. Office of Justice Programs. Approval expires 31 July 2016Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Shri Govindram Seksaria Institute of Technology and ScienceIndoreIndia

Personalised recommendations