Skip to main content

CFIM: Toward Building New Cloud Forensics Investigation Model

Part of the Lecture Notes in Networks and Systems book series (LNNS,volume 7)


In recent times, cybercrime investigation in cloud computing poses complex challenges due to virtualization, volatile data, deleted data, and dynamic and distributing nature of cloud computing. Performing cybercrime investigation in cloud environment is called Cloud Forensics. With the intention of overcoming these challenges, this paper introduces a Cloud Forensics investigation model (CFIM) that can help to investigate cybercrimes in the cloud in forensically sound and timely fashion. The proposed model is an intelligent system that is able to take a snapshot periodically for each virtual machine running in the cloud, sends it automatically to trusted center server (TCS) that is responsible for monitoring and recording the status of the virtual machine and finally, sends it to the forensic server (FS) to perform forensic analysis. This model can increase probability of tracking attackers, determining weaknesses of virtual machines for future use, and also can support in the process of extraction and collection of digital evidence.


  • Cloud computing
  • Digital forensics
  • Cloud forensics
  • Digital evidence and cybercrimes

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Mell P, Grance T (2011) “The NIST definition of cloud computing.” 20–23

    Google Scholar 

  2. McKemmish R (1999) What is forensic computing? Australian Institute of Criminology, Canberra

    Google Scholar 

  3. Ruan K et al (2011) Cloud forensics. Advances in digital forensics VII. Springer, Berlin, pp 35–46

    CrossRef  Google Scholar 

  4. Ruan K et al (2013) Cloud forensics definitions and critical criteria for cloud forensic capability: an overview of survey results. Digit Invest 10(1):34–43

    CrossRef  Google Scholar 

  5. Rani DR, Geethakumari G (2015) An efficient approach to forensic investigation in cloud using VM snapshots. In: IEEE international conference on pervasive computing (ICPC)

    Google Scholar 

  6. Dykstra J, Sherman A (2012) Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. In: DoD Cyber Crime Conference

    Google Scholar 

  7. Simou S et al (2015) A meta-model for assisting a cloud forensics process. Risks and security of Internet and systems. Springer, Berlin, pp 177–187

    Google Scholar 

  8. Povar D, Geethakumari G (2014) A heuristic model for performing digital forensics in cloud computing environment. Security in computing and communications. Springer, Berlin, pp 341–352

    Google Scholar 

  9. Zawoad S, Hasan R, Skjellum A (2015) OCF: an open cloud forensics model for reliable digital forensics. In: 2015 IEEE 8th international conference on cloud computing (CLOUD). IEEE

    Google Scholar 

  10. El-Din Hemdan E, Manjaiah DH (2015) Exploring digital forensic investigation issues for cyber crimes in cloud computing environment. In: Proceeding of international conference on computer communication and networks (i3CN), on 8th May 2015

    Google Scholar 

Download references


We acknowledge the support of the Indian Council for Cultural Relations (ICCR) under the Africa Scholarship Scheme and the executive program between Arab Republic of Egypt and India.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ezz El-Din Hemdan .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hemdan, E.ED., Manjaiah, D.H. (2018). CFIM: Toward Building New Cloud Forensics Investigation Model. In: Saini, H., Singh, R., Reddy, K. (eds) Innovations in Electronics and Communication Engineering . Lecture Notes in Networks and Systems, vol 7. Springer, Singapore.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3811-2

  • Online ISBN: 978-981-10-3812-9

  • eBook Packages: EngineeringEngineering (R0)