Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

Published: September 28, 2017


Changwei Liu, Anoop Singhal, Duminda Wijesekera


Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of forensically valuable data on the deployment model, multiple virtual machines running on a single physical machine and multiple tenancies of clients. In this paper, we show what evidence from the cloud would be useful to construct the attack scenario by using a Prolog logic based forensic analysis tool. We propose to implement and design a forensic enabled cloud, which includes installing forensic tools in the cloud environment and logging all the activities from both the application layer and lower layers. Such an implementation can provide evidence for a Prolog based forensic tool, which can automate correlating the evidence from both the clients and the cloud service provider to construct attack steps and therefore re-create the attack scenarios on the cloud.
Proceedings Title: Advances in Digital Forensics XIII
Conference Dates: January 30-February 1, 2017
Conference Location: Orlando, FL
Conference Title: Thirteenth IFIP WG 11.3 International Conference on Digital Forensics
Pub Type: Conferences


Attack Graphs, Digital Forensic Analysis, Evidence Graphs, Cloud Computing
Created September 28, 2017, Updated November 10, 2018