Isolating Instances in Cloud Forensics

  • Waldo Delport
  • Martin Olivier
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 383)


The isolation of a computing environment is an integral part of a digital forensic process. Isolation helps prevent evidence contamination and possible tampering. This paper focuses on the process of isolating instances in cloud computing systems. Several conditions are specified to serve as a guide for the successful isolation of cloud instances. Also, the complications that can arise during a cloud forensic investigation are discussed.


Cloud forensics instances isolation 


  1. 1.
    D. Barrett and T. King, Computer Networking Illuminated, Jones and Bartlett, Sudbury, Massachusetts, 2005.Google Scholar
  2. 2.
    S. Biggs and S. Vidalis, Cloud computing: The impact on digital forensic investigations, Proceedings of the International Conference on Internet Technology and Secured Transactions, pp. 1–6, 2009.Google Scholar
  3. 3.
    C. Binnig, D. Kossmann, T. Kraska and S. Loesing, How is the weather tomorrow? Towards a benchmark for the cloud, Proceedings of the Second International Workshop on Testing Database Systems, 2009.Google Scholar
  4. 4.
    M. Caloyannides, N. Memon and W. Venema, Digital forensics, IEEE Security and Privacy, vol. 7(2), pp. 16–17, 2009.CrossRefGoogle Scholar
  5. 5.
    E. Casalicchio and S. Tucci, Static and dynamic scheduling algorithms for scalable web server farms, Proceedings of the Ninth Euromicro Workshop on Parallel and Distributed Processing, pp. 369–376, 2001.CrossRefGoogle Scholar
  6. 6.
    R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka and J. Molina, Controlling data in the cloud: Outsourcing computation without outsourcing control, Proceedings of the ACM Workshop on Cloud Computing Security, pp. 85–90, 2009.CrossRefGoogle Scholar
  7. 7.
    F. Cohen, Digital Forensic Evidence Examination, ASP Press, Livermore, California, 2010.Google Scholar
  8. 8.
    I. Foster, Y. Zhao, I. Raicu and S. Lu, Cloud computing and grid computing 360-degree compared, Proceedings of the Grid Computing Environments Workshop, 2008.Google Scholar
  9. 9.
    M. Khosa (Ed.), Infrastructure Mandate for Change 1994-1999, Human Sciences Research Council, Pretoria, South Africa, 2001.Google Scholar
  10. 10.
    N. Lim and A. Khoo, Forensics of computers and handheld devices: Identical or fraternal twins? Communications of the ACM, vol. 52(6), pp. 132–135, 2009.CrossRefGoogle Scholar
  11. 11.
    R. Lu, X. Lin, X. Liang and X. Shen, Secure provenance: The essential of bread and butter of data forensics in cloud computing, Proceedings of the Fifth ACM Symposium on Information, Computer and Communications Security, pp. 282–292, 2010.Google Scholar
  12. 12.
    J. Lyle, A strategy for testing hardware write block devices, Digital Investigation, vol. 3(S), pp. S3–S9, 2006.CrossRefGoogle Scholar
  13. 13.
    P. Mell and T. Grance, The NIST Definition of Cloud Computing, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-145, National Institute of Standards and Technology, Gaithersburg, Maryland, 2011.Google Scholar
  14. 14.
    Nimbula, Nimbula Director, Mountain View, California (
  15. 15.
    Nitu, Configurability in SaaS (software as a service) applications, Proceedings of the Second India Software Engineering Conference, pp. 19–26, 2009.Google Scholar
  16. 16.
    Oxford University Press, Oxford Dictionaries, Oxford, United Kingdom (, 2012.
  17. 17.
    D. Ras and M. Olivier, Finding droplets in the cloud, in Advances in Digital Forensics VIII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 169–185, 2012.Google Scholar
  18. 18.
    G. Reese, Cloud Application Architectures: Building Applications and Infrastructure in the Cloud, O’Reilly, Sebastopol, California, 2009.Google Scholar
  19. 19.
    K. Ruan, J. Carthy, M. Kechadi and M. Crosbie, Cloud forensics, in Advances in Digital Forensics VII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 35–46, 2011.CrossRefGoogle Scholar
  20. 20.
    Technical Working Group for Electronic Crime Scene Investigation, Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, NCJ 187736, U.S. Department of Justice, Washington, DC, 2001.Google Scholar
  21. 21.
    M. Vouk, Cloud computing – Issues, research and implementations, Proceedings of the Thirtieth International Conference on Information Technology Interfaces, pp. 31–40, 2008.CrossRefGoogle Scholar
  22. 22.
    P. White (Ed.), Crime Scene to Court: The Essentials of Forensic Science, Royal Society of Chemistry, Cambridge, United Kingdom, 2010. Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Waldo Delport
    • 1
  • Martin Olivier
    • 1
  1. 1.University of PretoriaPretoriaSouth Africa

Personalised recommendations