A Heuristic Model for Performing Digital Forensics in Cloud Computing Environment

  • Digambar Povar
  • G. Geethakumari
Part of the Communications in Computer and Information Science book series (CCIS, volume 467)


Cloud computing is a relatively new model in the computing world after several computing paradigms like personal, ubiquitous, grid, mobile, and utility computing. Cloud computing is synonymous with virtualization, which is about creating virtual versions of the hardware platform, the operating system or the storage devices. Virtualization poses challenges to the implementation of security as well as cybercrime investigation in the cloud. Although several researchers have contributed to identifying digital forensic challenges and methods of performing digital forensic analysis in the cloud computing environment, we feel that the requirement of finding the most appropriate methods to evaluate the uncertainty in the digital evidence is a must. This paper emphasizes the methods of finding and analyzing digital evidence in the cloud computing environment with respect to the cloud user as well as the provider. We propose a heuristic model for performing digital forensics in the cloud environment.


Keywords: virtualization, cloud computing, cybercrime, digital evidence, digital forensics, cloud forensics





Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Digambar Povar (1)
  • G. Geethakumari (1)
  1. Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Rangareddy Dist., India
