A Systematic Literature Review of Latest Cloud Forensic Frameworks, Tools and Challenges

979-8-3503-0565-4/23/$31.00 ©2023 IEEE
Ummer Farooq
Department of Computer and
Software Engineering
College of Electrical and
Mechanical Engineering (EME),
National University of Sciences
and Technology (NUST)
Islamabad, Pakistan
ufarooq.cse19ceme@student.nust.edu.pk
Arslan Shaukat
Department of Computer and
Software Engineering
College of Electrical and
Mechanical Engineering (EME),
National University of Sciences
and Technology (NUST)
Islamabad, Pakistan
arslanshaukat@ceme.nust.edu.pk
Wasi Haider Butt
Department of Computer and
Software Engineering
College of Electrical and
Mechanical Engineering (EME),
National University of Sciences
and Technology (NUST)
Islamabad, Pakistan
wasi@ceme.nust.edu.pk
Ali Hassan
Department of Computer and
Software Engineering
College of Electrical and
Mechanical Engineering (EME),
National University of Sciences
and Technology (NUST)
Islamabad, Pakistan
alihassan@ceme.nust.edu.pk
Abstract
Background: Cloud computing is widely used in this era of IoTs.
Cloud users utilize cloud computing to access various cloud services.
The defects in cloud services are exploited by suspicious actors. On
the other hand, cloud forensics help against such suspicious actors.
It has been observed on many occasions that cloud services were not
well designed. Objective: Cloud computing with its services exposed
to cyber threats, due to the bad implementation of cloud services,
helps suspicious actors to exploit vulnerabilities in the cloud
environment. The main objective is to identify different cloud
forensic frameworks. Method: We have used the method of systematic
literature review to find and analyze different research studies,
which mainly are published between 2010-2022. Results: In this paper,
we have discovered 36 different cloud forensic frameworks, with some
forensic tools. In this SLR we also mentioned some challenges of
cloud forensics with recommendations. Conclusion: This systematic
literature review unveils the latest developments in cloud forensic
frameworks, tools, and challenges. The insights provided in this
paper will serve as an invaluable resource for future researchers in
this domain, facilitating the enhancement of cloud security practices.
Keywords— cloud forensic frameworks, digital cloud forensic,
cloud forensic tools, cloud forensic challenges, cloud forensic
limitations.
I. INTRODUCTION
Cloud forensics is a specialized field of digital forensics that
focuses on the investigation and analysis of digital data stored in
cloud environments. In today's digital age, cloud services have
become integral to businesses and individuals alike, serving as a
repository for vast amounts of data. However, the cloud also
presents unique challenges when it comes to conducting forensic
investigations. Cloud forensics is critical because it addresses
the need to gather, preserve, and analyse digital evidence that
may be spread across various cloud platforms. This evidence can
be crucial in cases of cybercrime, data breaches, or other digital
misconduct. Understanding the intricacies of cloud forensics is
essential for law enforcement agencies (LEAs) and cybersecurity
professionals.
One of the primary challenges in cloud forensics is the
dynamic and distributed nature of cloud environments. Data
may be stored across multiple servers and datacentres, making it
challenging for cloud investigators to locate, access, and preserve
evidence. Additionally, cloud service providers often have their
own proprietary systems and access controls, which can also
complicate the cloud forensic investigation process. Cloud forensics
professionals must also address legal and privacy concerns. Data
stored in the cloud may belong to various entities, and accessing
it for forensic purposes requires careful consideration of privacy
laws and regulations. Compliance with legal requirements is
paramount to ensuring the admissibility of evidence in court.
Cloud forensics frameworks are crucial tools that aid in
investigating and understanding security incidents, data
breaches, or other digital crimes within cloud environments.
These frameworks serve as a systematic approach to collecting
and analysing evidence in cloud-based systems, ensuring a
comprehensive and efficient investigation process. The main
purpose of this systematic literature review is to identify the
latest frameworks in the field of cloud forensics and to explore
recent cloud forensic tools being used in cloud forensic
investigations. Additionally, this review aims to pinpoint challenges
associated with cloud-related forensics. This paper has
identified a total of 36 cloud forensic frameworks. Furthermore,
we have addressed the following research questions.
Research Question 1: What are the latest frameworks and methods
used in cloud forensics from 2010 to 2022?
Research Question 2: What types of tools have been employed
in cloud forensics from 2010 to 2022?
Research Question 3: What are the significant challenges faced
in the field of cloud forensics?
II. RESEARCH METHODOLOGY
We follow the systematic literature review methodology
explained in [1] for this SLR research paper.
A. Defining Category
Our research on cloud forensics has three main
categories, which are as follows.
- Cloud Forensic Framework Category: Studies related to cloud frameworks are included.
- Cloud Forensic Tools Category: Studies related to cloud forensic tools are included.
- Cloud Forensic Challenges Category: Studies related to challenges of cloud forensic are included.
2023 2nd International Conference on Emerging Trends in Electrical, Control, and Telecommunication Engineering (ETECTE) | 979-8-3503-0565-4/23/$31.00 ©2023 IEEE | DOI: 10.1109/ETECTE59617.2023.10396682
Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on January 23,2024 at 14:17:16 UTC from IEEE Xplore. Restrictions apply.
B. Developing a Review Protocol
Review protocol development has four parts:
1) Selection criteria: The selection criteria cover five
major parts: subject relevance, years selected for research,
specific publisher repositories, effectiveness, and result
orientation.
a) Subject Relevance: We have exclusively chosen
research papers that are directly relevant to our field, which is
cloud forensic frameworks. Relevance is a critical factor in
addressing our research questions, and we have excluded
research papers that lack relevance and do not contribute to our
research questions.
b) 2010-2022: We have chosen research papers primarily
from the years 2010-2022, including the latest work, and
excluded older, irrelevant research.
c) Databases: We have included research from various
relevant databases, including publication databases like IEEE,
Elsevier, ACM, and Springer, as well as other relevant sources.
d) Crucial Effects: We have included research that is
crucial, important, and positively impacts the field of cloud
forensic frameworks.
e) Result Oriented: We have specifically chosen research
papers that implement frameworks related to cloud forensics.
Research works that did not yield any cloud forensic-related
framework were not included in our selection.
2) Search Strategy: A search process is mainly composed
of information related to databases, keywords, or search terms
used to extract the desired information. The search keywords
used for extracting information are discussed in Table I.
Keywords and search terms are employed in various ways to
find the desired information effectively. To enhance the
effectiveness of our research, we utilize Boolean operators
'AND' and 'OR' in conjunction with search techniques. We have
employed different search terms in combination with these
operators to locate relevant research studies. The keywords used
to extract pertinent information include 'cloud forensic
framework,' 'cloud forensic services,' 'cloud forensic tools,' and
'digital cloud forensic framework.' Our search strategy, depicted
in Fig. 1, consists of four steps.
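TABLE I. SEARCH TERMS AND DATABASE DETAILS
Number of search results per database (B/O = Boolean operator).

| Keywords | B/O | IEEE | ACM | Elsevier | Springer | Other |
|---|---|---|---|---|---|---|
| Cloud Forensic Framework | AND | 77 | 521 | 1020 | 1537 | 80 |
| Cloud Forensic Framework | OR | 246,766 | 148,557 | 844,537 | 878,559 | 79,300 |
| Cloud Forensic Tools | AND | 82 | 601 | 1234 | 1766 | 20 |
| Cloud Forensic Tools | OR | 236,488 | 169,926 | 1,230,763 | 997,334 | 88,200 |
| Cloud Forensic Services | AND | 157 | 640 | 1233 | 1831 | 25 |
| Cloud Forensic Services | OR | 291,500 | 122,454 | 839,423 | 867,877 | 106,000 |
| Digital Cloud Forensic Framework | AND | 59 | 485 | 693 | 1001 | 30 |
| Digital Cloud Forensic Framework | OR | 396,906 | 257,780 | 1,211,354 | 1,106,107 | 51,100 |
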
In our selection criteria, we utilized both inclusion and
exclusion criteria to identify relevant research papers in the field
of cloud forensic frameworks, tools, and challenges. The
research papers we have collected are sourced from reputable
scientific repositories, including IEEE, ACM, Elsevier,
Springer, as well as other repositories. Fig. 1, shown below,
illustrates the search strategy employed in this Systematic
Literature Review (SLR) paper. Through this strategy, we
identified 39 studies, with 36 studies focused on cloud forensic
frameworks, 1 study on cloud forensic tools, and the remaining
2 studies addressing challenges encountered in cloud forensics.
Fig. 1. Search strategy.
3) Quality Assessment: In this section, we will identify
various types of quality assessment criteria. The purpose of this
research is to explore the latest frameworks, tools and
challenges. The research papers selected from the databases are
mostly recent and are related to the field, spanning from the year
2010 to 2022. All the selected research papers are in the English
language, and any duplicate research has been removed.
4) Data Extraction and Data synthesis: After completing
the data extraction process, we will analyse the collected data to
identify various frameworks, tools and challenges used in cloud
forensic investigations. In Table II, we have provided data
extraction details, and Table III contains information related to
the data synthesis, while a digital library with research studies
and the type of research is shown in Table IV.
TABLE II. DATA EXTRACTION
Data Extraction Details

| Sr # | Description | Details |
|---|---|---|
| 1 | Bibliography | Research title, authors, publisher info, year of the publication. |
| 2 | Overview | Info about selected research studies. |
| 3 | Results | Result of selected research studies. |

TABLE III. DATA SYNTHESIS
Data Synthesis Details

| Sr # | Description | Details |
|---|---|---|
| 1 | Cloud Forensics Challenges | Challenges related to cloud forensics will be discussed. (Table VI) |
| 2 | Frameworks for Cloud Forensics | Frameworks related to cloud forensics will be discussed. (Table VII) |
| 3 | Cloud Forensic Tools | Tools related to cloud forensics will be discussed. (Table VIII) |

Fig. 2. Proposed cloud forensic process flow.
TABLE IV. DIGITAL LIBRARY DETAILS WITH SELECTED RESEARCH

| Digital Library | No. of Papers | Type | Selected Research |
|---|---|---|---|
| IEEE | 13 | Journal | [14][23] |
| IEEE | | Conference | [8][13][15][16][18][21][22][25][26][29][37] |
| Elsevier | 02 | Journal | [27][34] |
| Elsevier | | Conference | -/- |
| Springer | 07 | Journal | [35][40] |
| Springer | | Conference | [4][11][28][32][33] |
| ACM | 01 | Journal | [3] |
| ACM | | Conference | -/- |
| Others | 16 | Journal | [2][9][12] |
| Others | | Conference | [5][6][7][10][17][19][20][24][30][31][36][38][39] |

III. RESULTS
In the results section, we will discuss the findings of selected
research studies in relation to the research questions.
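TABLE V. CATEGORY DETAILS WITH RESEARCH STUDIES
Type: J = journal, C = conference.

| Category | No. of Papers | Type | Selected Research |
|---|---|---|---|
| Cloud Forensic Frameworks | 36 | J | [9][12][14][23][27][34][35][40] |
| Cloud Forensic Frameworks | | C | [5][6][7][8][10][11][13][15][16][17][18][19][20][21][22][24][25][26][28][29][30][31][32][33][36][37][38][39] |
| Cloud Forensic Tools | 01 | J | [2] |
| Cloud Forensic Tools | | C | -/- |
| Cloud Forensic Challenges & Limitations | 02 | J | [3] |
| Cloud Forensic Challenges & Limitations | | C | [4] |
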
In this systematic literature review we have selected 39
research studies: 13 from IEEE, 02 from Elsevier, 07 from Springer,
01 from ACM and 16 from other databases, as shown in Table IV.
Table V shows the category details with respect to the type of
research study.
A. Cloud Forensic Frameworks (Research Question 1)
After reviewing the selected research, we propose a general
cloud forensic process, shown in Fig. 2, to serve as a basis for
comparison. It has five main stages: incident identification &
reporting, case initiation & planning, evidence collection &
acquisition, evidence examination & analysis, and presentation &
legal proceedings. Four other stages run concurrently with them:
cloud service provider cooperation, evidence preservation,
validation & documentation, and artifact interpretation and
extraction. To differentiate the latest cloud frameworks, this
process flow is compared with them. In this SLR we have collected
the information of 36 cloud forensic frameworks, which are
compared with respect to their stages as shown in Table VII.
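The five ordered main stages and the concurrent evidence preservation and validation & documentation stages can be made checkable in code. The following Python is an added example, not code from the paper or from any surveyed framework; the `CaseLog` class, the hash-chain layout, the case id and the sample log line are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

# The five main stages named in the text, in order.
MAIN_STAGES = (
    "incident identification & reporting",
    "case initiation & planning",
    "evidence collection & acquisition",
    "evidence examination & analysis",
    "presentation & legal proceedings",
)
COLLECTION = MAIN_STAGES.index("evidence collection & acquisition")
GENESIS = "0" * 64  # assumed starting value for the hash chain


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


@dataclass
class CaseLog:
    """Hypothetical custody log: append-only, hash-chained, stage-ordered."""
    case_id: str
    entries: list = field(default_factory=list)
    stage_index: int = -1  # no stage entered yet

    def _append(self, stage, action, detail):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"case_id": self.case_id, "seq": len(self.entries),
                "stage": stage, "action": action, "detail": detail,
                "prev_hash": prev}
        self.entries.append({**body, "entry_hash": entry_digest(body)})

    def enter_stage(self, stage):
        """Main stages may only be entered in the order given in the text."""
        idx = MAIN_STAGES.index(stage)
        if idx != self.stage_index + 1:
            raise ValueError(f"cannot enter {stage!r} at this point")
        self.stage_index = idx
        self._append(stage, "stage_entered", {})

    def acquire(self, name, content: bytes, source):
        """Preservation: record the artifact's digest at acquisition time."""
        if self.stage_index != COLLECTION:
            raise ValueError("evidence is acquired only in the collection stage")
        self._append(MAIN_STAGES[COLLECTION], "acquired",
                     {"name": name, "sha256": sha256_hex(content),
                      "size": len(content), "source": source})

    def validate_artifact(self, name, content: bytes) -> bool:
        """Validation: does a working copy still match the acquired digest?"""
        for e in self.entries:
            if e["action"] == "acquired" and e["detail"]["name"] == name:
                return e["detail"]["sha256"] == sha256_hex(content)
        return False

    def verify_chain(self) -> bool:
        """Documentation integrity: recompute every link of the chain."""
        prev = GENESIS
        for seq, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body["prev_hash"] != prev or body["seq"] != seq:
                return False
            if entry_digest(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    # Constructed sample data: a made-up case id and a made-up log excerpt.
    log = CaseLog("CASE-0001")
    sample = b"2024-01-01T00:00:00Z api=ListObjects user=example-user\n"
    for stage in MAIN_STAGES[:3]:
        log.enter_stage(stage)
    log.acquire("api-audit.log", sample, source="provider export (constructed)")
    log.enter_stage(MAIN_STAGES[3])
    intact = log.verify_chain() and log.validate_artifact("api-audit.log", sample)
    altered_copy_ok = log.validate_artifact("api-audit.log", sample + b"x")
    # Simulate an edit to an earlier log entry after the fact.
    log.entries[3]["detail"]["size"] = 1
    return intact, altered_copy_ok, log.verify_chain()


if __name__ == "__main__":
    print(demo())
```

An altered working copy fails `validate_artifact`, and an edit to any earlier entry fails `verify_chain`, because each entry's hash covers the previous entry's hash.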
B. Cloud Forensic Tools (Research Question 2)
We have discussed eight cloud forensic tools that are being
used in cloud forensic investigations. The tools are listed in the
"Tools" column of Table VIII together with their descriptions.
Research study [2] also discussed some cloud forensic tools and
described their purpose. These tools are EnCase, Diffy, FTK,
FROST, Oxygen Forensic Suite, SIFT, AWS-IR and UFED.
C. Challenges in Cloud Forensics (Research Question 3)
Cloud forensics also faces several challenges, as depicted in
Table VI. These challenges can vary in nature, encompassing
aspects such as physical location, SLA-based issues, or data-
related concerns. This table displays categories of challenges
along with their descriptions and recommendations. Addressing
these challenges requires a combination of technological
solutions, legal agreements, and skilled professionals trained in
the specific nuances of cloud forensic investigations.
TABLE VI. CHALLENGES IN CLOUD FORENSICS

| Challenges | Recommendations |
|---|---|
| Lack of forensic tools | By hypervisor which allows live forensics. |
| Cloud service provider dependence | Collect forensic data outside of cloud. |
| Logging issue | We can remove it with the help of proper log-based resources and framework. |
| Cloud forensic enabled services | By using cloud forensic enabled frameworks shown in Table VII. |
| Lack of forensic capability and readiness | Cloud forensic readiness in organization-based framework can be used. |
| Trust issue | Can be removed by proper connection of VM and cloud platform through reservoir. |
| Identification of malicious actor | By using frameworks which control network traffic and identify such actors. |
| Architecture based | By using the framework which supports IaaS, SaaS, and PaaS. |
| Collection of evidence | By using frameworks which store information related to security. |
| Location based | Cloud service provider should give resources without location dependency. |
| Data related | Data must be encrypted, and duplication must be removed. |

TABLE VII. CLOUD FORENSIC FRAMEWORKS, MODELS, PROCESSES

| Sr/No | Frameworks/ model/ process | Ref. | No. of Stages | Incident Identification & reporting | Case Initiation & Planning | Evidence Collection & Acquisition | Evidence Examination & Analysis | Presentation & Legal Proceeding |
|---|---|---|---|---|---|---|---|---|
| 01 | Forensic computing process. (McKemmish, 1999) | [5] | 4 stages | identification | x | preservation | analysis | presentation |
| 02 | Forensic process by NIST. (Kent et al., 2006) | [6] | 4 stages | x | x | collection | examination, analysis | reporting |
| 03 | Forensic investigations process. (Guo et al., 2012) | [7] | 3 stages | identification | x | preservation, collection | x | x |
| 04 | Cloud forensics process. (Chen et al., 2012) | [8] | 3 stages | identification | x | preservation, collection | x | x |
| 05 | Integrated conceptual DFF for cloud computing. (Martini et al., 2012) | [9] | 4 stages | identification | x | preservation, collection | examination, analysis | reporting, presentation |
| 06 | Live digital forensic framework for cloud environment. (Sibiya et al., 2012) | [10] | 4 stages | x | monitoring tests | live data collection, memory, logs, cache, user data | Log mining, data extraction, find relationships | Results presentation |
| 07 | Cloud forensics maturity model. (Ruan et al., 2013) | [11] | 4 stages | pre-investigative readiness, investigative interface | x | proactive & reactive data-coll, evidence management | core-forensic process (examination, analysis) | supportive process (case management) |
| 08 | Advanced data acquisition model. (Adams, 2012) | [12] | 4 stages | Preparation, notification, awareness | onsite survey | preservation, collection, documentation | x | x |
| 09 | OpenStack cloud framework. (Saibharath et al., 2014) | [13] | 3 stages | x | x | Data seizure, acquisition | analysis | x |
| 10 | Digital forensic framework for cloud. (Shah et al., 2014) | [14] | 4 stages | cloud stack identification | x | Live/static data acquisition | Data mining, evidence analysis | presentation |
| 11 | Logging framework for cloud. (Pătraşcu et al., 2014) | [15] | 5 stages | x | manage, enable, cloud deploy, virtual, logging | raw data gathering | analyzing, ordering, processing, aggregating | result storage and presentation |
| 12 | Framework for analyzing IaaS cloud. (Ahmad et al., 2015) | [16] | 8 stages | IaaS formation, detection | validate incident response | capturing, examination | analysis, extraction | reporting |
| 13 | Cloud forensic framework for IaaS. (Banas, 2015) | [17] | 5 stages | x | x | media collection | data examination and analysis | reporting evidence |
| 14 | Open cloud forensics. (Zawoad et al., 2015) | [18] | 6 stages | identification | x | preservation, collection | organization, (examin & analy) | presentation, verification |
| 15 | Cloud forensics logging framework. (Faldu, 2016) | [19] | 5 stages | x | cloud management module | virtualization, logging module | raw data, processing layer | final data |
| 16 | Framework for data iden & collection in mob cloud. (Faheem et al., 2016) | [20] | 7 stages | forensic log info, identification | x | preservation, collection | potential evidence, correlation | reporting |
| 17 | Open and continuous cloud forensic process flow. (Datta et al., 2016) | [21] | 4 stages | identification | x | preservation, collection | organization, verification | presentation |
| 18 | Mobile cloud forensic framework. (Faheem et al., 2016) | [22] | 5 stages | identification | x | preservation, collection | osnit evidence correlation | reporting |
| 19 | Framework for cyber physical cloud system. (Ab Rahman et al., 2016) | [23] | 5 stages | identify potential evidence sources | plan pre incident coll & analysis, plan detection | define storage, evidence handling | x | x |
| 20 | Comparison framework for digital and cloud forensic. (Simou et al., 2016) | [24] | 4 stages | identification | x | preservation, collection, doc | examination, analysis | presentation |
| 21 | Cloud forensic readiness framework for organizations. (Alenezi et al., 2017) | [25] | 2 stages | x | x | data collection from literature, industry standards | evaluate, analyse CFR factors, rem duplications | x |
| 22 | Cloud centric framework for isolating Bigdata forensic evidence from IoT. (Kebande et al., 2017) | [26] | 11 stages | Observe, identify | Deploy agent-based solution | isolate, extract, cluster evidence, preserve, store | commence, acquire, investigate | x |
| 23 | Log aggregation forensic analysis framework. (Ahmed Khan et al., 2017) | [27] | 5 stages | x | x | log acquisition and integration | correlation, sequencing, analysis, and reporting | x |
| 24 | Fuzzy data mining-based framework. (Santra et al., 2018) | [28] | 4 stages | identification of source | x | data collection from source | examination, analysis | present evidence |
| 25 | Forensic recovery of cloud evidence. (Sampana et al., 2019) | [29] | 6 stages | x | preparation and isolation | collection and storage | analysis | reporting |

TABLE VIII. CLOUD FORENSIC TOOLS

| Sr/No | Tools | Description |
|---|---|---|
| 1 | EnCase | IaaS-based cloud forensic tool used to collect data remotely from the guest operating system layer of the cloud. |
| 2 | Diffy | Diffy is a cloud-based tool. It helps digital forensic and incident response teams find suspicious hosts and cloud instances during an incident. |
| 3 | FTK | Forensic tool used to extract the desired information that is present in the guest operating system layer of the cloud; it is used to scan the hard drive and look for evidence. |
| 4 | FROST | Cloud, OpenStack, IaaS-based tool used to find the API logs, virtual disk and guest firewall logs. |
| 5 | Oxygen Forensic Suite | This tool helps in digital evidence collection from cloud services used on smartphones. |
| 6 | SIFT | Ubuntu-based tool; SIFT or SANS is used for forensic analysis and incident response study. |
| 7 | AWS-IR | It is a Python command-line interface. It has two functions: key compromise and instance compromise. |
| 8 | UFED cloud analyzer | Cloud-based tool used for analyzing cloud data and metadata. |

IV. CONCLUSION
The objective of this systematic literature review (SLR) is to
identify cloud forensic frameworks and tools used in cloud
forensics and to address challenges related to the field. Our goal
is to gather up-to-date information, which is why we have
included recent research studies in our field. We formulated
research questions to discover various frameworks and tools
used in cloud forensics and to identify potential shortcomings.
These frameworks enable cloud investigators to effectively
address various cybercrimes within cloud environments. We
have identified and synthesized research studies relevant to
cloud forensic investigation, with a focus on recent, English-
language studies. Furthermore, we can explore additional
resources from other digital libraries to further enrich our
research in our future work.
REFERENCES
[1] B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey, and
S. Linkman, ‘Systematic literature reviews in software engineering - A
systematic literature review’, Inf. Softw. Technol., vol. 51, no. 1, pp. 7–
15, Jan. 2009.
[2] S. Naaz and F. Ahmad, ‘Comparitive Study of Cloud Forensics Tools’,
Commun. Appl. Electron., vol. 5, pp. 24–30, Jun. 2016.
[3] B. Manral, G. Somani, K.-K. R. Choo, M. Conti, and M. S. Gaur, ‘A
Systematic Survey on Cloud Forensics Challenges, Solutions, and Future
Directions’, ACM Comput. Surv., vol. 52, no. 6, p. 124:1-124:38, Nov.
2019.
[4] S. Simou, C. Kalloniatis, E. Kavakli, and S. Gritzalis, Cloud Forensics:
Identifying the Major Issues and Challenges, vol. 8484. 2014, p. 284.
[5] A. I. of McKemmish, ‘What is forensic computing?’, Australian Institute
of Criminology, Jun. 30.
[6] K. Kent, S. Chevalier, T. Grance, and H. Dang, ‘Guide to Integrating
Forensic Techniques into Incident Response’, National Institute of
Standards and Technology, NIST Special Publication (SP) 800-86, Sep.
2006.
[7] H. Guo, B. Jin, and T. Shang, ‘Forensic investigations in Cloud
environments’, in 2012 International Conference on Computer Science
and Information Processing (CSIP), Aug. 2012, pp. 248–251.
[8] G. Chen, Y. Du, P. Qin, and J. Du, ‘Suggestions to digital forensics in
Cloud computing ERA’, in 2012 3rd IEEE International Conference on
Network Infrastructure and Digital Content, Sep. 2012, pp. 540–544.
[9] B. Martini and K.-K. R. Choo, ‘An integrated conceptual digital forensic
framework for cloud computing’, Digit. Investig., vol. 9, no. 2, pp. 71–
80, Nov. 2012.
[10] G. Sibiya, H. Venter, and T. Fogwill, ‘Digital Forensic Framework for a
Cloud Environment’, May 2012. Accessed: May 31, 2023.
TABLE VII. CLOUD FORENSIC FRAMEWORKS, MODELS, PROCESSES (continued)

| Sr/No | Frameworks/ model/ process | Ref. | No. of Stages | Incident Identification & reporting | Case Initiation & Planning | Evidence Collection & Acquisition | Evidence Examination & Analysis | Presentation & Legal Proceeding |
|---|---|---|---|---|---|---|---|---|
| 26 | Heterogeneous joint cloud framework. (Umar et al., 2019) | [30] | 6 stages | identification | x | preservation, collection | examination, analysis | presentation |
| 27 | Private cloud investigation framework. (Sudyana et al., 2019) | [31] | 5 stages | identification | x | collection, acquisition | investigation | presentation |
| 28 | Framework for users in virtual environment of cloud. (Pandi Jain et al., 2020) | [32] | 6 stages | incident, identification | x | preservation, collection, storage | examination, org, analysis | verification, presentation |
| 29 | Dependable framework for forensic readiness in cloud. (Bhatia et al., 2020) | [33] | 10 stages | detection, connection establishment | strategy, policy making, ready for execution | artifact identification, collection, and acquisition | org artifacts, investigation and analysis | outcome, report, closure, preservation |
| 30 | Forensics using intelligent edge computing. (Razaque et al., 2021) | [34] | 8 stages | detection | response | acquisition, record, control, extraction, preservation | forensic analysis report | forensic user presentation |
| 31 | Framework for anti-forensic attacks in the cloud. (Rani et al., 2021) | [35] | 3 stages | identification of suspected packet | x | packet marking | traceback | x |
| 32 | Cloud forensic readiness framework. (Fadilla et al., 2022) | [36] | 5 stages | resource identification | policy and procedure | technical readiness | forensic response | evaluation and reporting |
| 33 | Multi source-based cloud forensic. (Kumari et al., 2022) | [37] | 11 stages | awareness, identification | preparation | preservation, collection, distribution | pre analysis, comparison, final analysis | Result improvement, reporting, presentation |
| 34 | Forensic framework validation and cloud forensic readiness. (Simou et al., 2022) | [38] | 5 stages | incident confirmation, identification | training and planning | preserve, update, collection, acquisition | examination, analysis | presentation |
| 35 | A tamper proof cloud forensic framework. (Ye et al., 2022) | [39] | 4 stages | identify tampered evidence | x | provenance data gen, data collection from node | noise data, evidence verification | data release to EVC and online |
| 36 | Cloud-based framework for digital forensic investigation. (Prakash et al., 2022) | [40] | 7 stages | identification | survey | collection, preservation, investigator | examination, analysis, reconstruction | reporting, presentation |

[11] K. Ruan and J. Carthy, ‘Cloud Forensic Maturity Model’, in Digital
Forensics and Cyber Crime, M. Rogers and K. C. Seigfried-Spellar, Eds.,
in Lecture Notes of the Institute for Computer Sciences, Social
Informatics and Telecommunications Engineering. Berlin, Heidelberg:
Springer, 2013, pp. 22–41.
[12] R. Adams, ‘The Emergence of Cloud Storage and the Need for a New
Digital Forensic Process Model’, in Cybercrime and Cloud Forensics:
Applications for Investigation Processes, 2012, pp. 79–104.
[13] S. Saibharath and G. Geethakumari, ‘Design and Implementation of a
forensic framework for Cloud in OpenStack cloud platform’, in 2014
International Conference on Advances in Computing, Communications
and Informatics (ICACCI), Sep. 2014, pp. 645–650.
[14] J. J. Shah and L. G. Malik, ‘An approach towards digital forensic
framework for cloud’, in 2014 IEEE International Advance Computing
Conference (IACC), Feb. 2014, pp. 798–801.
[15] A. Pătraşcu and V.-V. Patriciu, ‘Logging framework for cloud computing
forensic environments’, in 2014 10th International Conference on
Communications (COMM), May 2014, pp. 1–4.
[16] S. Ahmad, N. L. Saad, Z. Zulkifli, and S. H. Nasaruddin, ‘Proposed
network forensic framework for analyzing IaaS cloud computing
environment’, in 2015 International Symposium on Mathematical
Sciences and Computing Research (iSMSC), May 2015, pp. 144–149.
[17] M. Banas, ‘Cloud Forensic Framework For IaaS With Support for
Volatile Memory’, Sep. 2015. Accessed: May 31, 2023.
[18] S. Zawoad, R. Hasan, and A. Skjellum, ‘OCF: An Open Cloud Forensics
Model for Reliable Digital Forensics’, in 2015 IEEE 8th International
Conference on Cloud Computing, Jun. 2015, pp. 437–444.
[19] A. Faldu, ‘Authentication Framework in Forensic Science with Cloud
Computing’, Int. J. Adv. Eng. Technol. Sci., vol. 2, p. 7, Jan. 2016.
[20] M. Faheem, D. Tahar, and D. An, ‘A Unified Forensic Framework for
Data Identification and Collection in Mobile Cloud Social Network
Applications’, Int. J. Adv. Comput. Sci. Appl., vol. 7, Jan. 2016.
[21] S. Datta, K. Majumder, and D. De, DCF: A novel dynamic forensic
framework towards cloud computing environment. 2016, p. 764.
[22] M. Faheem, N.-A. Le-Khac, and T. Kechadi, ‘Toward a new mobile cloud
forensic framework’, in 2016 Sixth International Conference on
Innovative Computing Technology (INTECH), Aug. 2016, pp. 736–742.
[23] N. H. Ab Rahman, W. B. Glisson, Y. Yang, and K.-K. R. Choo, ‘Forensic-
by-Design Framework for Cyber-Physical Cloud Systems’, IEEE Cloud
Comput., vol. 3, no. 1, pp. 50–59, Jan. 2016.
[24] S. Simou, C. Kalloniatis, S. Gritzalis, and H. Mouratidis, ‘A survey on
cloud forensics challenges and solutions’, Secur. Commun. Netw., vol. 9,
Nov. 2016.
[25] A. Alenezi, R. K. Hussein, R. J. Walters, and G. B. Wills, ‘A Framework
for Cloud Forensic Readiness in Organizations’, in 2017 5th IEEE
International Conference on Mobile Cloud Computing, Services, and
Engineering (MobileCloud), Apr. 2017, pp. 199–204.
[26] V. R. Kebande, N. M. Karie, and H. S. Venter, ‘Cloud-Centric Framework
for isolating Big data as forensic evidence from IoT infrastructures’, in
2017 1st International Conference on Next Generation Computing
Applications (NextComp), Jul. 2017, pp. 54–60.
[27] M. N. Ahmed Khan and S. Ullah, ‘A log aggregation forensic analysis
framework for cloud computing environments’, Comput. Fraud Secur.,
vol. 2017, no. 7, pp. 11–16, Jul. 2017.
[28] P. Santra, P. Roy, D. Hazra, and P. Mahata, ‘Fuzzy Data Mining-Based
Framework for Forensic Analysis and Evidence Generation in Cloud
Environment’, in Ambient Communications and Computer Systems, G.
M. Perez, S. Tiwari, M. C. Trivedi, and K. K. Mishra, Eds., in Advances
in Intelligent Systems and Computing. Singapore: Springer, 2018, pp.
119–129.
[29] S. S. Sampana, ‘FoRCE (Forensic Recovery of Cloud Evidence): A
Digital Cloud Forensics Framework’, in 2019 IEEE 12th International
Conference on Global Security, Safety and Sustainability (ICGS3), Jan.
2019, pp. 212–212.
[30] Z. Umar and E. Emmanuel, ‘A Framework for Digital Forensic in Joint
Heterogeneous Cloud Computing Environment’, J. Future Internet, vol.
3, pp. 1–11, Jun. 2019.
[31] D. Sudyana, N. Lizarti, and E. Erlin, ‘Forensic Investigation Framework
on Server Side of Private Cloud Computing’, Lontar Komput. J. Ilm.
Teknol. Inf., p. 181, Dec. 2019.
[32] G. Pandi Jain and K. Wandra, ‘Secured Forensic Framework for Various
Users in the Virtualized Environment of Cloud’, 2020, pp. 715–727.
[33] S. Bhatia and J. Malhotra, ‘CFRF: Cloud Forensic Readiness Framework
– A Dependable Framework for Forensic Readiness in Cloud Computing
Environment’, in Innovative Data Communication Technologies and
Application, J. S. Raj, A. Bashar, and S. R. J. Ramson, Eds., in Lecture
Notes on Data Engineering and Communications Technologies. Cham:
Springer International Publishing, 2020, pp. 765–775.
[34] A. Razaque, M. Aloqaily, M. Almiani, Y. Jararweh, and G. Srivastava,
‘Efficient and reliable forensics using intelligent edge computing’, Future
Gener. Comput. Syst., vol. 118, pp. 230–239, May 2021.
[35] R. Rani and G. Geethakumari, ‘A framework for the identification of
suspicious packets to detect anti-forensic attacks in the cloud
environment’, Peer-to-Peer Netw. Appl., vol. 14, pp. 1–14, Jul. 2021.
[36] M. Fadilla, B. Sugiantoro, and Y. Prayudi, ‘Membangun Framework
Konseptual Terintegrasi Menggunakan Metode Composite Logic untuk
Cloud Forensic Readiness pada Organisasi’, J. MEDIA Inform.
BUDIDARMA, vol. 6, pp. 144–153, Feb. 2022.
[37] N. Kumari and A. K. Mohapatra, ‘A Novel Framework For Multi Source
Based Cloud Forensic’, in 2022 6th International Conference on
Computing Methodologies and Communication (ICCMC), Mar. 2022,
pp. 1–7.
[38] S. Simou, C. Kalloniatis, S. Gritzalis, V. Katos, and M. Psalidas, ‘Revised
forensic framework validation and cloud forensic readiness’, Int. J.
Electron. Gov., vol. 14, p. 236, Jan. 2022.
[39] F. Ye, Y. Zheng, X. Fu, B. Luo, X. Du, and M. Guizani, ‘TamForen: A
tamper‐proof cloud forensic framework’, Trans. Emerg. Telecommun.
Technol., vol. 33, Apr. 2022.
[40] V. Prakash, A. Williams, L. Garg, P. Barik, and R. K. Dhanaraj, ‘Cloud-
Based Framework for Performing Digital Forensic Investigations’, Int. J.
Wirel. Inf. Netw., vol. 29, no. 4, pp. 419–441, Dec. 2022.
Article
Cloud computing has created paradigm transitions from traditional computing. Acquisition rates increase with benefits such as lower costs and better utilization of resources. However, these benefits are accompanied by some of the challenges of computer forensics practice. The complexity of the Cloud computing, its key features, and its implementation all present several challenges for computer forensic researchers. In this paper, two surveys have been conducted to collect Cloud computing/forensic recommendations. The impact assessment (survey 1) has been conducted to determine the nature and extent of the impact of Cloud computing on computer forensics. A total of 104 Cloud Computing-based or computer forensics-based responses have been collected. Based on the impact assessment results, a Cloud-based framework has been proposed to assist in the fight against global digital crime, especially those committed within the cloud environment, bringing it with the challenges of law enforcement and digital forensic professionals. The proposed framework contains a set of guidelines and a cloud-based forensics model. In addition, the proposed framework will assist in the investigation. It is thought that criminals use the complexity of the cloud to hide strong and obvious evidence away from investigators and thus avoid prosecution and sentencing. In addition, this study identifies limitations and research gaps in existing solutions. The framework has been then validated with an online survey (survey 2) focused on 20 cloud computing or computer forensics experts. The result of study 1 confirms the impact of cloud computing on computer forensics. Further, it indicates that environmental factors and structures such as distributed storage, high recruitment, and virtualization have posed various challenges to the digital forensics process. 
In addition, the result concludes that the proposed framework addresses many of the issues and challenges discussed at a particular level of efficiency and effectiveness.
Article
In the Forensic Readiness approach, incident preparedness is the goal of a company or organization in facing incidents that may occur at any time. Forensic Readiness can consist of actions or steps, technical and non-technical, that maximize an organization's ability to use digital evidence. A well-constructed Cloud Forensic Readiness Framework can help speed up and simplify decision-making when an incident occurs in a cloud computing environment. This creates new opportunities for collaboration between the fields of digital forensics and cloud computing, so that solutions can be studied and researched by analyzing various literature sources on cloud computing forensic readiness frameworks and by building an integrated cloud forensic readiness framework at institutional scale using the composite logic method. With the completeness of the stages of the designed readiness framework, it is hoped that organizational stakeholders will find it easier to make decisions when an incident occurs.
Article
Cloud forensics has become increasingly critical in cloud computing security in recent years. A fundamental problem in cloud forensics is how to safely and effectively obtain, preserve, and analyze evidence. With massive cloud forensic systems and tools having been proposed over the years, we identify one challenge that is not adequately addressed in the current literature. The problem is “credibility of cloud evidence”; this is where the evidence collected in the cloud is unreliable due to its multitenancy and the multiple participants in the forensic process. In this paper, we develop a new Cloud Forensics Tamper‐Proof Framework (TamForen) for cloud forensics, which can be used in an untrusted and multitenancy cloud environment. This framework relies on the cloud forensics system independent of the daily cloud activities and is implemented based on the Multilayer Compressed Counting Bloom Filter. Unlike existing cloud forensics methods that depend on the support and trust of cloud service providers, TamForen takes into account the untrustworthiness of participants in the forensics process and conducts tamper‐proof protection of data in a decentralized way without violating users' privacy. We simulate a cloud forensics environment to evaluate TamForen, and the results show that TamForen is feasible.
Article
Cloud computing is becoming a prominent service model of computing platforms offering resources to all categories of users on-demand. On the other side, cloud environment is vulnerable to many criminal activities too. Investigating the cloud crimes is the need of the hour. Anti-forensic attack in cloud is an attack which specifically aims to scuttle the cloud forensic process. Though many researchers proposed various cloud forensic approaches, detecting cloud anti-forensic attack still remains a challenge as it hinders every step of forensic process. In this paper, we propose a three stage system for the detection of cloud anti-forensic attack with a well defined sequence of tasks in which the process of identifying the suspicious packets plays the major part. Every packet affected with any kind of cloud attack is labeled as suspicious packet and such packets are marked to traceback anti-forensic attack. The main focus of this paper is to deploy such a mechanism to identify the suspicious packets in cloud environment. To categorize the type of attack that affected the packet, both signature analysis and anomaly detection at cloud layers are applied in our proposed approach. The proposed anomaly detection approach is tested on NSL-KDD dataset. The experimental results show that the accuracy of the proposed approach is high compared to the existing approaches.
Article
Cloud Computing is one of the technologies that continue to develop and progress in rapid adoption rates due to the various benefits and conveniences offered. Cloud Computing has four types of adoption models, one of which is a Private model and is widely adopted by users because it is safer and customizable. The high level of cloud computing adoption is an opportunity for criminals to use cloud computing in committing their crimes and requires handling digital forensics. However, each cloud model has different characteristics, so the investigative method used is also different. Then there is no specific guidance for investigating cloud computing. So it is necessary to analyse the investigation of private cloud computing that used OwnCloud from the server-side and develop the novel investigation framework based on SNI 27037: 2014. An analysis of investigations is performed to develop the novel investigation framework and to find out what evidence can be found based on the novel framework. The results of the research conducted can be a reference for investigators to conduct forensic investigations in cloud computing on the server-side and the novel investigation framework will become a reference to be used as a guide to the investigation on private cloud computing in the server-side.
Article
Due to the increasing awareness and use of cloud and edge computing, society and industries are beginning to understand the benefits they can provide. Cloud and Edge are the future of information management, and they have transformed the Internet into an innovative and interactive computing platform. The ultimate goal of edge/cloud computing is to reduce the use of computing resources in the network, as well as support information sharing and intercommunication efforts within the network. Secure edge computing methodologies are applied in both open and heterogeneous network systems to protect them from many potential security threats. However, these approaches only provide passive protection for normal edge computing operations, and fail to address the security measures of several applications, particularly forensics in industrial settings. Forensics applications running on edge computing must be capable of supporting legal action against invaders for malicious damage or information theft. This paper proposes an efficient and reliable forensics framework (ERFF) to address industrial intelligent edge computing critical for the industry 4.0 implementation plan. The proposed ERFF consists of a detective module and validation model, with the detective module responsible for detecting the interaction between the client terminal and the edge resource, which means the investigator is capable of gathering the evidence securely. The security-validation model integrated with ERFF is far safer than sharing common key-based cryptographic approaches. The proposed conceptual framework is tested with Live Digital Forensic Framework for a Cloud (LDF2C), and results are compared with other existing industrial frameworks that fulfill fundamental ISO/IEC 17025 accreditation requirements, including Legal Reliable Forensic Framework (LRFF), Source Identification Network Forensics Framework (SINFF) and Logging Framework for Cloud Computing Forensic (LFCCF). These frameworks were designed to support the digital forensic requirements of industry and academia, and experimental results validate the effectiveness of the proposed framework from reliability and efficiency perspectives as well as realistic scenarios.
Chapter
Cloud computing is an important paradigm of information technology that entirely depends upon virtualization technique. Multi-tenancy is one of the most important characteristics and it is applicable in all deployment models. Another significant feature of cloud is its distributed nature which includes jurisdictions of various geographical areas. Due to these two characteristics, it is a complex and tedious task to collect data, proof and evidence in cloud when compared with traditional digital forensics. New mechanisms and frameworks are required to apply digital forensic techniques in cloud computing environment. In this research paper, an effort has been made to expound prominent techniques that can be applied to perform digital forensic analysis and investigation in cloud computing environment.