Springer Nature is making Coronavirus research free. View research | View latest news | Sign up for updates

A framework for designing cloud forensic-enabled services (CFeS)

  • 462 Accesses

  • 2 Citations


Cloud computing is used by consumers to access cloud services. Malicious actors exploit vulnerabilities of cloud services to attack consumers. The link between these two assumptions is the cloud service. Although cloud forensics assists in the direction of investigating and solving cloud-based cyber-crimes, in many cases the design and implementation of cloud services fall back. Software designers and engineers should focus their attention on the design and implementation of cloud services that can be investigated in a forensic sound manner. This paper presents a methodology that aims on assisting designers to design cloud forensic-enabled services. The methodology supports the design of cloud services by implementing a number of steps to make the services cloud forensic enabled. It consists of a set of cloud forensic constraints, a modeling language expressed through a conceptual model and a process based on the concepts identified and presented in the model. The main advantage of the proposed methodology is the correlation of cloud services’ characteristics with the cloud investigation while providing software engineers the ability to design and implement cloud forensic-enabled services via the use of a set of predefined forensic-related tasks.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24


  1. 1.

    Skyhigh (2016) Cloud adoption and risk report Q4 2016. Skyhigh, p 33

  2. 2.

    Martini B, Choo K-KR (2014) Distributed filesystem forensics: XtreemFS as a case study. Digit Invest 11(4):295–313

  3. 3.

    Wilshusen GC (2016) Federal information security: actions needed to address challenges. U.S. Government Accountability Office, Washington, D. C., p 17

  4. 4.

    Simou S, Kalloniatis C, Mouratidis H, Gritzalis S (2016) Towards a model-based framework for forensic-enabled cloud information systems. In: Katsikas S, Lambrinoudakis C, Furnell S (eds) Proceedings of the trust, privacy and security in digital business: 13th international conference, TrustBus 2016, Porto, Portugal. Springer, Switzerland, pp 35–47

  5. 5.

    McKemmish R (1999) What is forensic computing? Trends and issues in crime and criminal justice. Canberra Aust Aust Inst Criminol 118:1–6

  6. 6.

    Palmer G (2001) A road map for digital forensic research. technical report from the first digital forensics research workshop (DFRWS). In: Proceedings of the first digital forensic research workshop, Utica, New York, USA, pp 1–48

  7. 7.

    U.S. Department of Justice (2001) Electronic crime scene investigation: a guide for first responders. In: NIJ research report, NCJ 187736, Washington, p 96

  8. 8.

    Reith M, Carr C, Gunsch G (2002) An examination of digital forensic models. Int J Digit Evid 1(3):1–12

  9. 9.

    Carrier B, Spafford EH (2003) Getting physical with the digital investigation process. Int J Digit Evid 2(2):1–20

  10. 10.

    Baryamureeba V, Tushabe F (2004) The enhanced digital investigation process model. In: Proceedings of the fourth digital forensic research workshop (DFRWS), Baltimore, MD, USA

  11. 11.

    Ciardhuáin SÓ (2004) An extended model of cybercrime investigations. Int J Digit Evid 3(1):1–22

  12. 12.

    Selamat SR, Yusof R, Sahib S (2008) Mapping process of digital forensic investigation framework. Int J Comput Sci Netw Secur 8(10):163–169

  13. 13.

    Beebe NL, Clark JG (2005) A hierarchical, objectives-based framework for the digital investigations process. Digit Invest Int J Digit Forensic Incid Response 2(2):147–167

  14. 14.

    Kent K, Chevalier S, Grance T, Dang H (2006) Guide to integrating forensic techniques into incident response. NIST Special Publication. SP 800-86, p 121

  15. 15.

    von Solms S, Louwrens C, Reekie C, Grobler T (2006) A control framework for digital forensics. In: Olivier MS, Shenoi S (eds) Proceedings of the IFIP international conference on digital forensics, National Center for Forensic Science. Advances in digital forensics II, Orlando, Florida. Springer, New York, pp 343–355

  16. 16.

    Cohen FB (2010) Fundamentals of digital forensic evidence. In: Stavroulakis P, Stamp M (eds) Handbook of information and communication security. Springer, Berlin, pp 789–808

  17. 17.

    Agarwal A, Gupta M, Gupta S, Gupta SC (2011) Systematic digital forensic investigation model. Int J Comput Sci Secur 5(1):118–131

  18. 18.

    Valjarevic A, Venter HS (2012) Harmonised digital forensic investigation process model. In: Proceedings of the 2012 information security for South Africa (ISSA), Johannesburg, South Africa, pp 1–10

  19. 19.

    Guo H, Jin B, Shang T (2012) Forensic investigations in cloud environments. In: Proceedings of the 2012 international conference on computer science and information processing (CSIP), Xi’an, Shaanxi, pp 248–251

  20. 20.

    Chen G, Du Y, Qin P, Du J (2012) Suggestions to digital forensics in cloud computing ERA. In: 3rd IEEE international conference on network infrastructure and digital content (IC-NIDC), Beijing, China, pp 540–544

  21. 21.

    Martini B, Choo K-KR (2012) An integrated conceptual digital forensic framework for cloud computing. Digit Investig 9(2):71–80

  22. 22.

    Ruan K, Carthy J (2012) Cloud Forensic maturity model. In: Rogers M, Seigfried-Spellar KC (eds) Proceedings of the 4th international conference on digital forensics and cyber crime (ICDF2C). Springer, Berlin, pp 22–41

  23. 23.

    Adams R (2013) The emergence of cloud storage and the need for a new digital forensic process model. In: Ruan K (ed) Cybercrime and cloud forensics: applications for investigation processes. IGI Global, Hershey, pp 79–104

  24. 24.

    Kohn MD, Eloff MM, Eloff JH (2013) Integrated digital forensic process model. Comput Secur 38:103–115

  25. 25.

    Zawoad S, Hasan R, Skjellum A (2015) OCF: an open cloud forensics model for reliable digital forensics. In: IEEE 8th international conference on cloud computing (CLOUD). New York City, NY, pp 437–444

  26. 26.

    Simou S, Kalloniatis C, Gritzalis S, Mouratidis H (2016) A survey on cloud forensics challenges and solutions. Secur Commun Netw 9(18):6285–6314

  27. 27.

    Simou S, Kalloniatis C, Kavakli E, Gritzalis S (2014) Cloud forensics: identifying the major issues and challenges. In: Jarke M, Mylopoulos J, Quix C, Rolland C, Manolopoulos Y, Mouratidis H, Horkoff J (eds) Proceedings of the 26th international conference on advanced information systems engineering (CAiSE). Thessaloniki, Greece. Springer, Cham, pp 271–284

  28. 28.

    Kalloniatis C, Mouratidis H, Vassilis M, Islam S, Gritzalis S, Kavakli E (2014) Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts. Comput Stand Interfaces 36(4):759–775

  29. 29.

    Zawoad S, Hasan R (2015) FECloud: a trustworthy forensics-enabled cloud architecture. In: Peterson G, Shenoi S (eds) Advances in digital forensics XI. Springer, Berlin, pp 271–285

  30. 30.

    Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2011) NIST cloud computing reference architecture. In: NIST special publication. National Institute of Standards and Technology, SP 500-292, p 35

  31. 31.

    Catteddu D, Felici D, Hogben G, Holcroft A, Kosta E, Leenes R, Millard C, Niezen M, Nunez D, Papanikolaou N (2013) Towards a model of accountability for cloud computing services. In: Proceedings of the DIMACS/BIC/A4Cloud/CSA international workshop on trustworthiness, accountability and forensics in the cloud (TAFC), Malaga, Spain

  32. 32.

    Cloud Accountability Project (2016) Accountability in the cloud-conceptual framework. Cited 2018 Feb 18.

  33. 33.

    Newcombe L (2012) Securing cloud services: a pragmatic approach to security architecture in the cloud. IT Governance Publishing, Ely

  34. 34.

    NIST (2013) NIST cloud computing security reference architecture. In: Working document, Draft SP 500-299. National Institute of Standards and Technology, p 204

  35. 35.

    Ruan K, Carthy J, Kechadi T, Crosbie M (2011) Cloud forensics. In: Peterson G, Shenoi S (eds) Proceedings of the 7th IFIP WG 11.9 international conference on digital forensics. advances in digital forensics VII. Springer, Berlin, pp 35–46

  36. 36.

    Chang C, Ramachandran M (2016) Towards achieving data security with the cloud computing adoption framework. Trans Serv Comput 9(1):138–151

  37. 37.

    Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241–255

  38. 38.

    Shei S, Kalloniatis C, Mouratidis H, Delaney A (2016) Modelling secure cloud computing systems from a security requirements perspective. In: Katsikas S, Lambrinoudakis C, Furnell S (eds) Proceedings of the trust, privacy and security in digital business: 13th international conference, TrustBus 2016. Porto, Portugal. Springer, Switzerland, pp 48–62

  39. 39.

    Simou S, Kalloniatis C, Kavakli E, Gritzalis S (2014) Cloud forensics solutions: a review. In: Iliadis L, Papazoglou M, Pohl K (eds) Proceedings of the 4th international workshop on information systems security engineering (WISSE). Advanced information systems engineering workshops: CAiSE 2014. Springer, Cham, pp 299–309

  40. 40.

    Czarnecki K, Eisenecker UW (2000) Generative programming: methods, tools, and applications, vol 1. Addison-Wesley, Boston

  41. 41.

    Šípka M (2005) Exploring the commonality in feature modeling notations. In: Bielikova M (ed) Proceedings of IIT. SRC, California, pp 139–144

  42. 42.

    Kavakli E, Kalloniatis C, Loucopoulos P, Gritzalis S (2006) Incorporating privacy requirements into the system design process: the PriS conceptual framework. Internet Res 16(2):140–158

  43. 43.

    ENISA (2013) Cloud computing incident reporting: framework for reporting about major cloud security incidents, p 38

  44. 44.

    Beebe N, Clark J (2005) Dealing with terabyte data sets in digital investigations. In: Pollitt M, Shenoi S (eds) Proceedings of the IFIP international Conference on Digital Forensics, National Center for Forensic Science. Advances in digital forensics, Orlando, Florida. Springer, New York, pp 3–16

  45. 45.

    Grispos G, Storer T, Glisson WB (2012) Calm before the storm: the challenges of cloud computing in digital forensics. Int J Digit Crime Forensics 4(2):28–48

  46. 46.

    Kokolakis S, Demopoulos AJ, Kiountouzis EA (2000) The use of business process modelling in information systems security analysis and design. Inf Manag Comput Secur 8(3):107–116

  47. 47.

    Alotaibi Y, Liu F (2014) A novel secure business process modeling approach and its impact on business performance. Inf Sci 277(Supplement C):375–395

  48. 48.

    Peffers K, Tuunanen T, Rothenberger MA, Chatterjee S (2007) A design science research methodology for information systems research. J Manag Inf Syst 24(3):45–77

  49. 49.

    Geerts GL (2011) A design science research methodology and its application to accounting information systems research. Int J Account Inf Syst 12(2):142–151

  50. 50.

    Gregor S, Hevner AR (2013) Positioning and presenting design science research for maximum impact. MIS Q 37(2):337–356

Download references

Author information

Correspondence to Stavros Simou.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Simou, S., Kalloniatis, C., Gritzalis, S. et al. A framework for designing cloud forensic-enabled services (CFeS). Requirements Eng 24, 403–430 (2019).

Download citation


  • Cloud forensics
  • Cloud forensic methodology
  • Cloud forensic process
  • Cloud forensic conceptual model
  • Cloud forensic constraints