Analysis of Digital Investigation Techniques in Cloud Computing Paradigm


Muhammad Naeem Ahmed Khan
Shah Wali Ullah
Abdur Rahman Khan
Khalid Khan


Data security has always been the most essential aspect of computing. Many users when connected on the cloud do not know that they could be victim of cybercrime. Cloud computing being a mega network spread globally, majority of cloud users mostly use it to benefit from the availability of mass storage. Due to increasing use of storage services, it is possible for malicious users to misuse cloud storage services. Cloud computing is flourishing at a greater speed and likewise security risks on cloud are also increasing day by day. A key challenge of cloud forensics is that the cloud service providers have not yet established forensic capabilities to support investigations in case of a digital compromise. Cloud Forensics has three dimensions: technical, organizational and legal. Technical Dimension includes tools required to perform forensic investigations, proactive measures, data collection, data labeling and evidence segregation. Evidentiary data collection in cloud environment is another main challenge as it is stored at providers and customers end. Organizational dimension is not only restricted to cloud providers and customers, but it widens when providers outsource their services to third parties. Legal dimension covers SLAs and jurisdiction issues to ensure data security. A critical evaluation of digital forensic investigations of cloud storage services is necessary to determine key challenges associated to this field. The focus of this study is to explore various digital forensic analysis approaches that facilitate speedy and authentic analysis of the incriminating activities happened on the cloud environment. In this study, we have evaluated different cloud forensics frameworks and techniques and have identified main key challenges related to cloud forensics. The study findings are reported herein.


How to Cite
Muhammad Naeem Ahmed Khan, Shah Wali Ullah, Abdur Rahman Khan, & Khalid Khan. (2018). Analysis of Digital Investigation Techniques in Cloud Computing Paradigm. International Journal of Next-Generation Computing, 9(3), 251–259.


  1. Bashir, M. S. and Khan, M. 2013. Triage in live digital forensic analysis. International journal of Forensic Computer Science 1, 35–44
  2. ChengYan. 2011. Cybercrime forensic system in cloud computing. In 2011 International Conference on Image Analysis and Signal Processing. 612–615.
  3. Chung, H., Park, J., Lee, S., and Kang, C. 2012. Digital forensic investigation of cloud storage services. Digital investigation 9, 2, 81–95
  4. Damshenas, M., Dehghantanha, A., Mahmoud, R., and bin Shamsuddin, S. 2012. Forensics investigation challenges in cloud computing environments. In Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). 190–194
  5. Dykstra, J. and Sherman, A. T. 2012. Acquiring forensic evidence from infrastructure-asa-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation 9, S90–S98
  6. Dykstra, J. and Sherman, A. T. 2013. Design and implementation of frost: Digital forensic tools for the openstack cloud computing platform. Digital Investigation 10, S87–S95.
  7. Federici, C. 2014. Cloud data imager: A unified answer to remote acquisition of cloud storage areas. Digital Investigation 11, 1, 30–42.
  8. Hale, J. S. 2013. Amazon cloud drive forensic analysis. Digital Investigation 10, 3, 259–265.
  9. Khan, M., Chatwin, C. R., and Young, R. C. 2007a. A framework for post-event timeline reconstruction using neural networks. digital investigation 4, 3-4, 146–157
  10. Khan, M. and Wakeman, I. Machine learning for post-event timeline reconstruction. Citeseer.
  11. Khan, M. N. A. 2012. Performance analysis of bayesian networks and neural networks in classification of file system activities. Computers & Security 31, 4, 391–401.
  12. Khan, M. N. A., Chatwin, C. R., and Young, R. 2007b. Extracting evidence from filesystem activity using bayesian networks. International journal of Forensic computer science 1, 50– 63.
  13. Khan, M. N. A. and Ullah, S. 2017. A log aggregation forensic analysis framework for cloud computing environments. Computer Fraud & Security 2017, 7, 11–16.
  14. Martini, B. and Choo, K.-K. R. 2012. An integrated conceptual digital forensic framework for cloud computing. Digital Investigation 9, 2, 71 – 80.
  15. McKemmish, R. 1999. What is forensic computing?
  16. Pasquale, L., Hanvey, S., Mcgloin, M., and Nuseibeh, B. 2016. Adaptive evidence collection in the cloud using attack scenarios. Computers & Security 59, 236–254.
  17. Pichan, A., Lazarescu, M., and Soh, S. T. 2015. Cloud forensics: Technical challenges, solutions and comparative analysis. Digital Investigation 13, 38–57.
  18. Quick, D. and Choo, K.-K. R. 2014. Google drive: forensic analysis of data remnants. Journal of Network and Computer Applications 40, 179–193.
  19. Rafique, M. and Khan, M. 2013. Exploring static and live digital forensics: Methods, practices and tools. International Journal of Scientific & Engineering Research 4, 10, 1048–1056.
  20. Rahman, S. and Khan, M. 2015. Review of live forensic analysis techniques. International Journal of Hybrid Information Technology 8, 2, 379–88.
  21. Ruan, K., Carthy, J., Kechadi, T., and Baggili, I. 2013. Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation 10, 1, 34–43.
  22. Sang, T. 2013. A log based approach to make digital forensics easier on cloud computing. In 2013 Third International Conference on Intelligent System Design and Engineering Applications. 91–94.
  23. Simou, S., Kalloniatis, C., Mouratidis, H., and Gritzalis, S. 2015. Towards the development of a cloud forensics methodology: a conceptual model. In International Conference on Advanced Information Systems Engineering. Springer, 470–481
  24. Taylor, M., Haggerty, J., Gresty, D., and Hegarty, R. 2010. Digital evidence in cloud computing systems. Computer law & security review 26, 3, 304–308.
  25. Taylor, M., Haggerty, J., Gresty, D., and Lamb, D. 2011. Forensic investigation of cloud computing systems. Network Security 2011, 3, 4 – 10.
  26. Zawoad, S., Dutta, A. K., and Hasan, R. 2013. Seclaas: secure logging-as-a-service for cloud forensics. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. ACM, 219–230.