Cloud Separation: Stuck Inside the Cloud

  • Waldo Delport
  • Martin S. Olivier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7449)


When something erroneous happens happens in digital environment, a Digital Forensic Investigations (DFIs) can be used to gather information about the event. When conducting a DFI, Digital Forensic Procedures (DFPs) are followed. DFPs provide steps to follow to ensure the successful completion of the DFI. One of the steps in a DFP is to isolate possible evidence in order to protect the evidence from contamination and tampering. The introduction of Cloud computing complicated the isolation process because there is a shared layer between users. This means that the methods used to isolate evidence must be adapted and reworked to work in the Cloud environment. In some cases new procedures need to be introduced to address the isolation problem.

In this article we introduce the idea of Cloud separation to isolate a part of the Cloud. We argue that the separation process consists of methods to move instances, as well as methods to divide the Cloud. The paper also introduces methods to accomplish the movement of instances and the division of the Cloud. The paper reports on the finding of testing the dividing methods on different Cloud operating systems in experimental conditions. The experimental outcome was that some of the methods are not applicable to Cloud separation and the methods to be used will depend on the circumstances of the DFI. Out of the experiment some lessons were learnt which should be considered when conducting Cloud separation.


Cloud Computing Digital Forensic Digital Forensics Process Isolation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Vouk, M.A.: Cloud computing - issues, research and implementations. In: 30th International Conference on Information Technology Interfaces, ITI 2008, pp. 31–40 (June 2008)Google Scholar
  2. 2.
    Barrett, D., King, T.: Computer networking illuminated. Jones and Bartlett illuminated series. Jones and Bartlett (2005)Google Scholar
  3. 3.
    Biggs, S., Vidalis, S.: Cloud computing: The impact on digital forensic investigations. In: International Conference for Internet Technology and Secured Transactions, ICITST 2009, pp. 1–6 (November 2009)Google Scholar
  4. 4.
    Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, GCE 2008, pp. 1–10 (November 2008)Google Scholar
  5. 5.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing, Recommendations of the National Institute of Standards and Technolog. Technical report, National Institute of Standards and Technology (2011)Google Scholar
  6. 6.
    Ashcroft, J.: Electronic Crime Scene Investigation: A Guide for First Responders. Technical Working Group for Electronic Crime Scene Investigation (July 2001)Google Scholar
  7. 7.
    Cohen, F.: Digital Forensic Evidence Examination, 2nd edn. Fed Cohen & Associates, Livermore (2010)Google Scholar
  8. 8.
    Delport, W., Olivier, M.S.: Isolation, stuck inside the cloud. In: Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics (in Press, 2012)Google Scholar
  9. 9.
    Binnig, C., Kossmann, D., Kraska, T., Loesing, S.: How is the weather tomorrow?: towards a benchmark for the cloud. In: Proceedings of the Second International Workshop on Testing Database Systems, DBTest 2009, pp. 1–9. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Lu, R., Lin, X., Liangand, X., Shen, X.: Secure provenance: the essential of bread and butter of data forensics in cloud computing. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 282–292. ACM, New York (2010)CrossRefGoogle Scholar
  11. 11.
    Nitu, I.: Configurability in SaaS (software as a service) applications. In: Proceedings of the 2nd India software engineering conference, ISEC 2009, pp. 19–26. ACM, New York (2009)CrossRefGoogle Scholar
  12. 12.
    Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics: An overview. In: IFIP International Conference on Digital Forensics, p. 7 (2011)Google Scholar
  13. 13.
    Lim, N., Khoo, A.: Forensics of computers and handheld devices: identical or fraternal twins? Commun. ACM 52, 132–135 (2009)CrossRefGoogle Scholar
  14. 14.
    Lyle, J.R.: A strategy for testing hardware write block devices. Digital Investigation 3(suppl.), 3–9 (2006); The Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS 2006) CrossRefGoogle Scholar
  15. 15.
    Delport, W., Olivier, M.S., Köhn, M.: Isolating a cloud instance for a digital forensic investigation. In: 2011 Information Security for South Africa (ISSA 2011) Conference (2011)Google Scholar
  16. 16.
    Vmware inc. Computer Program. vSphere 5.0 (2011), (accessed May 26, 2012)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Waldo Delport
    • 1
  • Martin S. Olivier
    • 1
  1. 1.Information and Computer Security Architectures Research Group Department of Computer ScienceUniversity of PretoriaSouth Africa

Personalised recommendations