survey

A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions

Authors:
Bharat Manral

Central University of Rajasthan, Ajmer, India

Central University of Rajasthan, Ajmer, India

0000-0002-2608-1748
View Profile

,
Gaurav Somani

Central University of Rajasthan, Ajmer, India

Central University of Rajasthan, Ajmer, India

0000-0001-7147-165X
View Profile

,
Kim-Kwang Raymond Choo

University of Texas at San Antonio, San Antonio, TX, USA

University of Texas at San Antonio, San Antonio, TX, USA

0000-0001-9208-5336
View Profile

,
Mauro Conti

University of Padua, Padua, Veneto, Italy

University of Padua, Padua, Veneto, Italy

0000-0002-3612-1934
View Profile

,
Manoj Singh Gaur

Indian Institute of Technology, Jammu, Jammu and Kashmir, India

Indian Institute of Technology, Jammu, Jammu and Kashmir, India

0000-0002-0497-721X
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 52 Issue 6Article No.: 124pp 1–38https://doi.org/10.1145/3361216

Published:14 November 2019Publication History

ACM Computing Surveys

Abstract

The challenges of cloud forensics have been well-documented by both researchers and government agencies (e.g., U.S. National Institute of Standards and Technology), although many of the challenges remain unresolved. In this article, we perform a comprehensive survey of cloud forensic literature published between January 2007 and December 2018, categorized using a five-step forensic investigation process. We also present a taxonomy of existing cloud forensic solutions, with the aim of better informing both the research and practitioner communities, as well as an in-depth discussion of existing conventional digital forensic tools and cloud-specific forensic investigation tools. Based on the findings from the survey, we present a set of design guidelines to inform future cloud forensic investigation processes, and a summary of digital artifacts that can be obtained from different stakeholders in the cloud computing architecture/ecosystem.

References

Nurul Hidayah Ab Rahman, Niken Dwi Wahyu Cahyani, and Kim-Kwang Raymond Choo. 2017. Cloud incident handling and forensic-by-design: Cloud storage as a case study. Concurr. Comput.: Pract. Exper. 29, 14 (2017), e3868.Google ScholarCross Ref
Nurul Hidayah Ab Rahman, William Bradley Glisson, Yanjiang Yang, and Kim-Kwang Raymond Choo. 2016. Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 3, 1 (2016), 50--59.Google ScholarCross Ref
Imad M. Abbadi, John Lyle et al. 2011. Challenges for provenance in cloud computing. In Proceedings of the International Workshop on Theory and Practice of Provenance (TaPP’11).Google Scholar
MA Manazir Ahsan, Ainuddin Wahid Abdul Wahab, Mohd Yamani Idna Idris, Suleman Khan, Eric Bachura, and Kim-Kwang Raymond Choo. 2018. CLASS: Cloud log assuring soundness and secrecy scheme for cloud forensics. IEEE Trans. Sustain. Comput. 60, C (2018), 193--205.Google Scholar
M. Edington Alex and R. Kishore. 2017. Forensics framework for cloud computing. Comput. Electr. Eng. 60 (2017), 193--205.Google ScholarDigital Library
Syed Ahmed Ali, Shahzad Memon, and Farhan Sahito. 2018. Challenges and solutions in cloud forensics. In Proceedings of the 2nd International Conference on Cloud and Big Data Computing (ICCBDC’18). ACM, New York, NY, 6--10.Google ScholarDigital Library
Sameera Almulla, Youssef Iraqi, and Andrew Jones. 2014. A state-of-the-art review of cloud forensics. J. Dig. Forens. Secur. Law 9, 4 (2014), 2.Google Scholar
Sameera Almulla, Youssef Iraqi, and Andrew Jones. 2016. Digital forensic of a cloud-based snapshot. In Proceedings of the 6th International Conference on Innovative Computing Technology (INTECH’16). 724--729.Google ScholarCross Ref
Saad Alqahtany, Nathan Clarke, Steven Furnell, and Christoph Reich. 2015. Cloud forensics: A review of challenges, solutions and open problems. In Proceedings of the International Conference on Cloud Computing (ICCC’15). IEEE, 1--9.Google ScholarCross Ref
Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. 2012. Securing data provenance in the cloud. In Open Problems in Network Security. Springer, 145--160.Google Scholar
Siamak Azodolmolky, Philipp Wieder, and Ramin Yahyapour. 2013. SDN-based cloud computing networking. In Proceedings of the 15th International Conference on Transparent Optical Networks (ICTON’13). IEEE, 1--4.Google ScholarCross Ref
Azodolmolky, Siamak and Wieder, Philipp and Yahyapour, Ramin. 2013. Cloud computing networking: Challenges and opportunities for innovations. IEEE Commun. Mag. 51, 7 (2013), 54--62.Google ScholarCross Ref
Hyun Baek, Abhinav Srivastava, and Jacobus Van der Merwe. 2014. Cloudvmi: Virtual machine introspection as a cloud service. In Proceedings of the International Conference on Cloud Engineering (IC2E’14). IEEE, 153--158.Google ScholarDigital Library
James Baldwin, Omar M. K. Alhawi, Simone Shaughnessy, Alex Akinbi, and Ali Dehghantanha. 2018. Emerging from the cloud: A bibliometric analysis of cloud forensics studies. Cyber Threat Intell. (2018), 311--331. DOI:10.1007/978-3-319-73951-9_16Google Scholar
Adam Bates, Kevin Butler, Andreas Haeberlen, Micah Sherr, and Wenchao Zhou. 2014. Let SDN be your eyes: Secure forensics in data center networks. In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT’14).Google ScholarCross Ref
Abha Belorkar and G. Geethakumari. 2011. Regeneration of events using system snapshots for cloud forensic analysis. In Proceedings of the India Conference (INDICON’11). IEEE, 1--4.Google Scholar
Adam J. Brown, William Bradley Glisson, Todd R. Andel, and Kim-Kwang Raymond Choo. 2018. Cloud forecasting: Legal visibility issues in saturated environments. Comput. Law Secur. Rev. 34, 6 (2018), 1278--1290.Google ScholarCross Ref
Niken Dwi Wahyu Cahyani, Ben Martini, Kim-Kwang Raymond Choo, and AKBP Muhammad Nuh Al-Azhar. 2017. Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurr. Comput.: Pract. Exper. 29, 14 (2017), e3855.Google ScholarCross Ref
Aniello Castiglione, Giuseppe Cattaneo, Giancarlo De Maio, Alfredo De Santis, and Gianluca Roscigno. 2017. A novel methodology to acquire live big data evidence from the cloud. IEEE Trans. Big Data 99 (2017), 1--14. DOI:10.1109/TBDATA.2017.2683521Google ScholarCross Ref
Kim-Kwang Raymond Choo. 2007. Zombies and botnets.Trends Iss. Crime Crim. Just. 333 (2007), 1--6.Google Scholar
Kim-Kwang Raymond Choo, Christian Esposito, and Aniello Castiglione. 2017. Evidence and forensics in the cloud: Challenges and future research directions. IEEE Cloud Comput. 4, 3 (2017), 14--19.Google ScholarCross Ref
Hyunji Chung, Jungheum Park, Sangjin Lee, and Cheulhoon Kang. 2012. Digital forensic investigation of cloud storage services. Dig. Investig. 9, 2 (2012), 81--95.Google ScholarCross Ref
Dr. Fred Cohen. 2011. Metrics for digital forensics. Retrieved on October 12, 2018 from http://securitymetrics.org/attachments/Metricon-5.5-Cohen-Metrics-in-Digital-Forensics.pdf.Google Scholar
Gartner Risk Management Leadership Council. 2018. Top 10 Emerging Risks of Q2 2018. Retrieved on September 17, 2018 from https://www.gartner.com/en/audit-risk/trends/top-ten-emerging-risks.Google Scholar
Farid Daryabar, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2017. Cloud storage forensics: MEGA as a case study. Austral. J. Forens. Sci. 49, 3 (2017), 344--357.Google ScholarCross Ref
Farid Daryabar, Ali Dehghantanha, Nur Izura Udzir, Solahuddin bin Shamsuddin, Farhood Norouzizadeh et al. 2013. A survey about impacts of cloud computing on digital forensics. Int. J. Cyber-Secur. Dig. Forens. 2, 2 (2013), 77--95.Google Scholar
Lucia De Marco, M. Tahar Kechadi, and Filomena Ferrucci. 2013. Cloud forensic readiness: Foundations. In Proceedings of the International Conference on Digital Forensics and Cyber Crime. Springer, 237--244.Google Scholar
Waldo Delport, Michael Köhn, and Martin S. Olivier. 2011. Isolating a cloud instance for a digital forensic investigation. In Proceedings of the International Information Security South Africa Conference (ISSA’11).Google Scholar
Waldo Delport and Martin Olivier. 2012. Isolating instances in cloud forensics. In Proceedings of the IFIP International Conference on Digital Forensics. Springer, 187--200.Google ScholarCross Ref
Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2015. A cloud-focused mobile forensics methodology. IEEE Cloud Comput. 2, 4 (2015), 60--65.Google ScholarCross Ref
Josiah Dykstra and Alan T. Sherman. 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Dig. Investig. 9 (2012), S90--S98.Google ScholarCross Ref
Christian J. D’Orazio and Kim-Kwang Raymond Choo. 2017. A technique to circumvent SSL/TLS validations on iOS devices. Future Gen. Comput. Syst. 74 (2017), 366--374.Google ScholarCross Ref
Corrado Federici. 2014. Cloud data imager: A unified answer to remote acquisition of cloud storage areas. Dig. Investig. 11, 1 (2014), 30--42.Google ScholarCross Ref
Tal Garfinkel, Mendel Rosenblum et al. 2003. A virtual machine introspection-based architecture for intrusion detection. In Proceedings of the Network and Distributed System Security Symposium (NDSS’03), Vol. 3. 191--206.Google Scholar
Tobias Gebhardt and Hans P. Reiser. 2013. Network forensics for cloud computing. In Proceedings of the IFIP International Conference on Distributed Applications and Interoperable Systems. Springer, 29--42.Google Scholar
George Grispos, Tim Storer, and William Bradley Glisson. 2012. Calm before the storm: The challenges of cloud computing in digital forensics. Int. J. Dig. Crime Forens. 4, 2 (2012), 28--48.Google ScholarCross Ref
Jason S. Hale. 2013. Amazon cloud drive forensic analysis. Dig. Investig. 10, 3 (2013), 259--265.Google ScholarDigital Library
Josiah Dykstra and Alan T. Sherman. 2013. Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Dig. Investig. 10 (2013), S87--S95.Google ScholarDigital Library
Ardalan Kangarlou, Patrick Eugster, and Dongyan Xu. 2009. Vnsnap: Taking snapshots of virtual networked environments with minimal downtime. In Proceedings of the Conference on Dependable Systems and Networks. IEEE, 524--533.Google ScholarCross Ref
Victor Kebande and H. S. Venter. 2015. A functional architecture for cloud forensic readiness large-scale potential digital evidence analysis. In Proceedings of the European Conference on Cyber Warfare and Security. Academic Conferences Int’l Limited, 373.Google Scholar
Victor R. Kebande and Hein S. Venter. 2014. A cloud forensic readiness model using a Botnet as a Service. In Proceedings of the International Conference on Digital Security and Forensics. The Society of Digital Information and Wireless Communication, 23--32.Google Scholar
Victor R. Kebande and Hein S. Venter. 2018. On digital forensic readiness in the cloud using a distributed agent-based solution: Issues and challenges. Austral. J. Forens. Sci. 50, 2 (2018), 209--238.Google ScholarCross Ref
Suleman Khan, Abdullah Gani, Ainuddin Wahid Abdul Wahab, Ahmed Abdelaziz, and Mustapha Aminu Bagiwa. 2016. FML: A novel forensics management layer for software defined networks. In Proceedings of the 6th International Conference on Cloud System and Big Data Engineering (Confluence’16) IEEE, 619--623.Google ScholarCross Ref
Suleman Khan, Abdullah Gani, Ainuddin Wahid Abdul Wahab, Ahmed Abdelaziz, Kwangman Ko, Muhammad Khurram Khan, and Mohsen Guizani. 2016. Software-defined network forensics: Motivation, potential locations, requirements, and challenges. IEEE Netw. 30, 6 (2016), 6--13.Google ScholarDigital Library
Suleman Khan, Abdullah Gani, Ainuddin Wahid Abdul Wahab, Mustapha Aminu Bagiwa, Muhammad Shiraz, Samee U. Khan, Rajkumar Buyya, and Albert Y. Zomaya. 2016. Cloud log forensics: Foundations, state of the art, and future directions. ACM Comput. Surveys 49, 1 (2016), 7.Google ScholarDigital Library
Suleman Khan, Abdullah Gani, Ainuddin Wahid Abdul Wahab, Muhammad Shiraz, and Iftikhar Ahmad. 2016. Network forensics: Review, taxonomy, and open challenges. J. Netw. Comput. Appl. 66 (2016), 214--235.Google ScholarDigital Library
Jin Li, Xiaofeng Chen, Qiong Huang, and Duncan S. Wong. 2014. Digital provenance: Enabling secure data forensics in cloud computing. Future Gen. Comput. Syst. 37 (2014), 259--266.Google ScholarCross Ref
Xiao-Yong Li, Li-Tao Zhou, Yong Shi, and Yu Guo. 2010. A trusted computing environment model in cloud architecture. In Proceedings of the International Conference on Machine Learning and Cybernetics (ICMLC’10), Vol. 6. IEEE, 2843--2848.Google ScholarCross Ref
Dongxi Liu, Jack Lee, Julian Jang, Surya Nepal, and John Zic. 2010. A cloud architecture of virtual trusted platform modules. In Proceedings of the IEEE/IFIP International Conference on Embedded and Ubiquitous Computing. IEEE, 804--811.Google ScholarDigital Library
Zhenbang Liu and Hengming Zou. 2014. Poster: A proactive cloud-based cross-reference forensic framework. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1475--1477.Google ScholarDigital Library
Rongxing Lu, Xiaodong Lin, Xiaohui Liang, and Xuemin Sherman Shen. 2010. Secure provenance: The essential of bread and butter of data forensics in cloud computing. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 282--292.Google ScholarDigital Library
Ben Martini and Kim-Kwang Raymond Choo. 2012. An integrated conceptual digital forensic framework for cloud computing. Dig. Investig. 9, 2 (2012), 71--80.Google ScholarCross Ref
Ben Martini and Kim-Kwang Raymond Choo. 2014. Cloud forensic technical challenges and solutions: A snapshot. IEEE Cloud Comput. 1, 4 (2014), 20--25.Google ScholarCross Ref
Raffael Marty. 2011. Cloud application logging for forensics. In Proceedings of the ACM Symposium on Applied Computing. ACM, 178--184.Google ScholarDigital Library
McAfee. 2016. Cloud Adoption and Risk Report. Retrieved on July 12, 2018 from https://www.skyhighnetworks.com/cloud-report/.Google Scholar
McAfee. 2018. Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security. Retrieved on November 04, 2018 from https://www.mcafee.com/enterprise/en-us/solutions/lp/cloud-security-report.html.Google Scholar
P. Mell and T. Grance. 2014. NIST cloud computing forensic science challenges. Draft Nistir 8006 (2014).Google Scholar
Shaik Khaja Mohiddin, Suresh Babu Yalavarthi, and Shaik Sharmila. 2017. A complete ontological survey of cloud forensic in the area of cloud computing. In Proceedings of the 6th International Conference on Soft Computing for Problem Solving. Springer, 38--47.Google ScholarCross Ref
SeyedHossein Mohtasebi, Ali Dehghantanha, and K.-K. R. Choo. 2017. Cloud storage forensics: Analysis of data remnants on SpiderOak, JustCloud, and pCloud. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications. Elsevier, 205--246.Google Scholar
Kiran-Kumar Muniswamy-Reddy, Peter Macko, and Margo I Seltzer. 2010. Provenance for the cloud. In Proceedings of the USENIX Conference on File and Storage Technologies (FAST’10), Vol. 10.Google Scholar
Kiran-Kumar Muniswamy-Reddy and Margo Seltzer. 2010. Provenance as first class cloud data. ACM SIGOPS Operat. Syst. Rev. 43, 4 (2010), 11--16.Google ScholarDigital Library
National Institute of Standards and Technology. 2018. Computer Forensics Tool Catalog. Retrieved from https://toolcatalog.nist.gov.Google Scholar
Alecsandru Patrascu and Victor-Valeriu Patriciu. 2014. Logging system for cloud computing forensic environments. J. Control Eng. Appl. Info. 16, 1 (2014), 80--88.Google Scholar
Jonas Pfoh, Christian Schneider, and Claudia Eckert. 2009. A formal model for virtual machine introspection. In Proceedings of the 1st ACM Workshop on Virtual Machine Security. ACM, 1--10.Google ScholarDigital Library
Ameer Pichan, Mihai Lazarescu, and Sie Teng Soh. 2015. Cloud forensics: Technical challenges, solutions and comparative analysis. Dig. Investig. 13 (2015), 38--57.Google ScholarDigital Library
James Poore, Juan Carlos Flores, and Travis Atkison. 2013. Evolution of digital forensics in virtualization by using virtual machine introspection. In Proceedings of the 51st ACM Southeast Conference. ACM, 30.Google ScholarDigital Library
PricewaterhouseCoopers. 2016. Financial Services Technology 2020 and Beyond: Embracing disruption. Retrieved on November 01, 2018 from https://www.pwc.com/gx/en/financial-services/assets/pdf/technology2020-and-beyond.pdf.Google Scholar
Zhengwei Qi, Chengcheng Xiang, Ruhui Ma, Jian Li, Haibing Guan, and David S. L. Wei. 2017. ForenVisor: A tool for acquiring and preserving reliable data in cloud live forensics. IEEE Trans. Cloud Comput. 5, 3 (2017), 443--456. DOI:10.1109/tcc.2016.2535295Google ScholarCross Ref
Darren Quick and Kim-Kwang Raymond Choo. 2013. Dropbox analysis: Data remnants on user machines. Dig. Investig. 10, 1 (2013), 3--18.Google ScholarDigital Library
Darren Quick and Kim-Kwang Raymond Choo. 2013. Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Dig. Investig. 10, 3 (2013), 266--277.Google ScholarDigital Library
Darren Quick and Kim-Kwang Raymond Choo. 2014. Impacts of increasing volume of digital forensic data: A survey and future research challenges. Dig. Investig. 11, 4 (2014), 273--294.Google ScholarDigital Library
Darren Quick and Kim-Kwang Raymond Choo. 2018. IoT device forensics and data reduction. IEEE Access 6 (2018), 47566--47574.Google ScholarCross Ref
B. K. S. P. Raju, Nikhil Bharadwaj Gosala, and G. Geethakumari. 2017. CLOSER: Applying aggregation for effective event reconstruction of cloud service logs. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication. ACM, 62.Google Scholar
B. K. S. P. Kumar Raju and G. Geethakumari. 2018. Timeline-based cloud event reconstruction framework for virtual machine artifacts. In Progress in Intelligent Computing Techniques: Theory, Practice, and Applications. Springer, 31--42.Google Scholar
B. K. S. P. Kumar Raju and G. Geethakumari. 2019. SNAPS: Towards building snapshot-based provenance system for virtual machines in the cloud environment. Comput. Secur. 86 (2019), 92--111. DOI:https://doi.org/10.1016/j.cose.2019.05.020Google ScholarCross Ref
Sagar Rane and Arati Dixit. 2019. BlockSLaaS: Blockchain assisted secure logging-as-a-service for cloud forensics. In Proceedings of the International Conference on Security and Privacy. Springer, 77--88.Google ScholarCross Ref
Deevi Radha Rani and G. Geethakumari. 2015. An efficient approach to forensic investigation in cloud using VM snapshots. In Proceedings of the International Conference on Pervasive Computing (ICPC’15). IEEE, 1--5.Google Scholar
Andrew Reichman. 2011. File Storage Costs Less In The Cloud Than In-House. Retrieved on August 11, 2018 from https://media.amazonwebservices.com/Forrester_File_Storage_Costs_Less_In_The_Cloud.pdf.Google Scholar
Vassil Roussev, Irfan Ahmed, Andres Barreto, Shane McCulley, and Vivek Shanmughan. 2016. Cloud forensics--Tool development studies 8 future outlook. Dig. Investig. 18 (2016), 79--95.Google ScholarDigital Library
Vassil Roussev, Andres Barreto, and Irfan Ahmed. 2016. Forensic acquisition of cloud drives. arXiv preprint arXiv:1603.06542 (2016).Google Scholar
Vassil Roussev and Shane McCulley. 2016. Forensic analysis of cloud-native artifacts. Dig. Investig. 16 (2016), S104--S113.Google ScholarDigital Library
Keyun Ruan, Joe Carthy, Tahar Kechadi, and Ibrahim Baggili. 2013. Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Dig. Investig. 10, 1 (2013), 34--43.Google ScholarDigital Library
Keyun Ruan, Joe Carthy, Tahar Kechadi, and Mark Crosbie. 2011. Cloud forensics. In Proceedings of the IFIP International Conference on Digital Forensics. 35--46.Google ScholarCross Ref
Yang Rui, Jiang-chun Ren, Bai Shuai, and Tang Tian. 2017. A digital forensic framework for cloud based on VMI. DEStech Trans. Comput. Sci. Eng. 868--878. DOI:10.12783/dtcse/cst2017/12595Google Scholar
Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues. 2009. Towards trusted cloud computing. In Proceedings of the 2009 Conference on Hot Topics in Cloud Computing (HotCloud’09). USENIX Association. http://dl.acm.org/citation.cfm?id=1855533.1855536.Google ScholarDigital Library
Shaik Sharmila and Ch Aparna. 2019. VMSSS: A proposed model for cloud forensic in cloud computing using VM snapshot server. In Soft Computing for Problem Solving. Springer, 483--493.Google Scholar
George Sibiya, Hein S. Venter, and Thomas Fogwill. 2015. Digital forensics in the cloud: The state of the art. In Proceedings of the IST-Africa Conference. IEEE, 1--9.Google ScholarCross Ref
Stavros Simou, Christos Kalloniatis, Stefanos Gritzalis, and Haralambos Mouratidis. 2016. A survey on cloud forensics challenges and solutions. Secur. Commun. Netw. 9, 18 (2016), 6285--6314.Google ScholarCross Ref
Stavros Simou, Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2014. Cloud forensics solutions: A review. In Proceedings of the International Conference on Advanced Information Systems Engineering. Springer, 299--309.Google ScholarCross Ref
Jungmin Son and Rajkumar Buyya. 2018. A taxonomy of software-defined networking (SDN)-enabled cloud computing. ACM Comput. Surveys 51, 3 (2018), 59.Google ScholarDigital Library
Daniel Spiekermann, Tobias Eggendorfer, and Jörg Keller. 2015. Using network data to improve digital investigation in cloud computing environments. In Proceedings of the International Conference on High Performance Computing and Simulation. IEEE, 98--105.Google ScholarCross Ref
Abhinav Srivastava, Himanshu Raj, Jonathon Giffin, and Paul England. 2012. Trusted VM snapshots in untrusted cloud infrastructures. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 1--21.Google ScholarDigital Library
Yee-Yang Teing, Dehghantanha Ali, Kim Choo, Mohd T. Abdullah, and Zaiton Muda. 2019. Greening cloud-enabled big data storage forensics: Syncany as a case study. IEEE Trans. Sustain. Comput. 4 (2019), 204--216. Issue 2.Google ScholarCross Ref
Yee-yang Teing, Ali Dehghantanha, Kim-Kwang Raymond Choo, Tooska Dargahi, and Mauro Conti. 2017. Forensic investigation of cooperative storage cloud service: Symform as a case study. J. Forensic Sci. 62, 3 (2017), 641--654.Google ScholarCross Ref
Yee-Yang Teing, Ali Dehghantanha, Kim-Kwang Raymond Choo, and Laurence T. Yang. 2017. Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study. Comput. Electr. Eng. 58 (2017), 350--363.Google ScholarDigital Library
Sean Thorpe, Indrajit Ray, Tyrone Grandison, and Abbie Barbir. 2011. The virtual machine log auditor. In Proceedings of the IEEE 1st International Workshop on Security and Forensics in Communication Systems. 1--7.Google Scholar
Philip M. Trenwith and Hein S. Venter. 2013. Digital forensic readiness in the cloud. In Proceedings of the Conference on Information Security for South Africa. IEEE, 1--5.Google Scholar
Jia Wang, Fang Peng, Hui Tian, Wenqi Chen, and Jing Lu. 2019. Public auditing of log integrity for cloud storage systems via blockchain. In Proceedings of the International Conference on Security and Privacy in New Computing Environments. Springer, 378--387.Google ScholarCross Ref
Junqing Wang, Miao Yu, Bingyu Li, Zhengwei Qi, and Haibing Guan. 2012. Hypervisor-based protection of sensitive files in a compromised system. In Proceedings of the 27th Annual ACM Symposium on Applied Computing. ACM, 1765--1770.Google ScholarDigital Library
Shaun Waterman. 2018. New malware works only in memory, leaves no trace—Cyberscoop. Retrieved from https://www.cyberscoop.com/kaspersky-fileless-malware-memory-attribution-detection/.Google Scholar
Wenfeng Xia, Yonggang Wen, Chuan Heng Foh, Dusit Niyato, and Haiyong Xie. 2015. A survey on software-defined networking. IEEE Commun. Surveys Tutor. 17, 1 (2015), 27--51.Google ScholarDigital Library
Qiao Yan, F. Richard Yu, Qingxiang Gong, and Jianqiang Li. 2016. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Commun. Surveys Tutor. 18, 1 (2016), 602--622.Google ScholarDigital Library
Shams Zawoad, Amit Dutta, and Ragib Hasan. 2016. Towards building forensics enabled cloud through secure logging-as-a-service. IEEE Trans. Depend. Secure Comput. 1 (2016), 1--1.Google Scholar
Shams Zawoad and Ragib Hasan. 2013. Cloud forensics: A meta-study of challenges, approaches, and open problems. arXiv preprint arXiv:1302.6312 (2013).Google Scholar
Olive Qing Zhang, Markus Kirchberg, Ryan K. L. Ko, and Bu Sung Lee. 2011. How to track your data: The case for cloud computing provenance. In Proceedings of the 3rd IEEE International Conference on Cloud Computing Technology and Science. IEEE, 446--453.Google ScholarDigital Library
Shu-hui Zhang, Xiang-xu Meng, and Lian-hai Wang. 2017. SDNForensics: A comprehensive forensics framework for software defined network. Development 3, 4 (2017), 5.Google Scholar

Index Terms

A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions
1. Applied computing
  1. Computer forensics
    1. Evidence collection, storage and analysis

Recommendations

Challenges and Solutions in Cloud Forensics
ICCBDC '18: Proceedings of the 2018 2nd International Conference on Cloud and Big Data Computing

Cloud computing is cutting-edge platform in this information age, where organizations are shifting their business due to its elasticity, ubiquity, cost-effectiveness. Unfortunately the cyber criminals has used these characteristics for the criminal ...
Read More
Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS
MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

Cloud computing is a promising and expanding technology which could replace traditional IT systems. Cloud computing resembles a giant pool of resources which contains hardware, software and related applications, which can be accessed through web-based ...
Read More
Forensics framework for cloud computing

Challenges faced by forensics investigators in cloud computing is highlighted.A new Framework is proposed to mitigate challenges faced by forensics investigators.Forensics server is introduced to collect all details regarding malicious activity.The ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 52, Issue 6
November 2020
806 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3368196
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering
Issue’s Table of Contents
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 14 November 2019
- Accepted: 1 September 2019
- Revised: 1 July 2019
- Received: 1 February 2019
Published in csur Volume 52, Issue 6

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Cloud forensics
SDN forensics
VM forensics in cloud
cloud network forensics
cloud storage artifacts forensics
digital forensics in cloud
forensic challenges in cloud
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 41
  Total Citations
  View Citations
- 3,054
  Total Downloads
- Downloads (Last 12 months)482
- Downloads (Last 6 weeks)70
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Challenges and Solutions in Cloud Forensics

Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS

Forensics framework for cloud computing