NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

Published

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Abstract

Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of forensically valuable data on the deployment model, multiple virtual machines running on a single physical machine and multiple tenancies of clients. In this paper, we show what evidence from the cloud would be useful to construct the attack scenario by using a Prolog logic based forensic analysis tool. We propose to implement and design a forensic enabled cloud, which includes installing forensic tools in the cloud environment and logging all the activities from both the application layer and lower layers. Such an implementation can provide evidence for a Prolog based forensic tool, which can automate correlating the evidence from both the clients and the cloud service provider to construct attack steps and therefore re-create the attack scenarios on the cloud.
Proceedings Title
Advances in Digital Forensics XIII
Conference Dates
January 30-February 1, 2017
Conference Location
Orlando, FL, US
Conference Title
Thirteenth IFIP WG 11.3 International Conference on Digital Forensics
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-319-67208-3_7
Local Download

Keywords

Attack Graphs, Digital Forensic Analysis, Evidence Graphs, Cloud Computing
Forensic Science, Digital evidence, Cybersecurity and privacy and Cloud computing and virtualization

Citation

Liu, C. , Singhal, A. and Wijesekera, D. (2017), Identifying Evidence for Implementing a Cloud Forensic Analysis Framework, Advances in Digital Forensics XIII, Orlando, FL, US, [online], https://doi.org/10.1007/978-3-319-67208-3_7, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=922187 (Accessed October 25, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created September 27, 2017, Updated October 12, 2021
Was this page helpful?