A Cloud Forensics Framework to Identify, Gather, and Analyze Cloud Computing Incidents


  • Rafef Al-mugern (Faculty of Computing, Universiti Teknologi Malaysia, Malaysia | Department of Computer Science, Shaqra University, Saudi Arabia)
  • Siti Hajar Othman (Faculty of Computing, Universiti Teknologi Malaysia, Malaysia)
  • Arafat Al-Dhaqm (Computer & Information Sciences Department, Universiti Teknologi PETRONAS, Malaysia)
  • Abdulalem Ali (Institute of Computer Science and Digital Innovation, UCSI University, Malaysia)
Volume: 14 | Issue: 3 | Pages: 14483-14491 | June 2024 | https://doi.org/10.48084/etasr.7185


The focus of cloud forensics is cyber-crime cases, no matter the object, the subject, or the environment involved. Each cloud computing environment has a variety of features that make it unique. Challenges associated with cloud forensics can be found at every stage of the digital forensics process. We need to begin by understanding the cloud forensics landscape (the cloud) in order to provide a holistic solution to overcome these challenges. When designing a cloud forensics framework, the elements that make up the cloud should be taken into consideration, as they also impact the forensics process within the cloud. An extensive survey of the current state of research in cloud forensics is presented in this paper. Also, a conceptual cloud forensics framework that facilitates the identification, gathering, and analysis of cloud computing events is proposed, utilizing the design science approach. The proposed conceptual cloud forensics framework consists of six stages: identifying incidents, gathering evidence, preserving evidence, analyzing incidents, documenting incidents, and investigating post-incident events. Each stage has several activities and tasks to assist investigators dealing with cloud computing events. Unlike traditional approaches to cloud forensic investigations, the conceptual framework developed in this study is highly applicable.


Cloud computing, Cloud forensics, Digital forensics, Design science






How to Cite

R. Al-mugern, S. H. Othman, A. Al-Dhaqm, and A. Ali, “A Cloud Forensics Framework to Identify, Gather, and Analyze Cloud Computing Incidents”, Eng. Technol. Appl. Sci. Res., vol. 14, no. 3, pp. 14483–14491, Jun. 2024.

