Forensics in Cloud Environment

List of old papers related to Cloud Forensics


  • Provenance for the Cloud – K. Muniswamy-Reddy, P. Macko, M. Seltzer
  • Provenance as First Class Cloud Data – K. Muniswamy-Reddy, M. Seltzer
  • Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing – R. Lu, X. Lin, X. Liang, X. Shen
  • The open provenance model core specification – L.Moreau, B. Clifford, J. Freire, Y. Gil et al
  • The case for Browser Provenance – Daniel W. Margo, Margo Seltzer
  • Provenance-Aware Storage Systems – K. Muniswamy-Reddy, D. Holland, U. Braun, M. Seltzer
  • Challenges for Provenance in Cloud Computing – I. Abbadi, John Lyle
  • Securing Provenance – U. Braun, A. Shinnar, M. Seltzer


  • Cloud Security Is Not (Just) Virtualization Security – M. Christodorescu, R. Sailer, D. Schales, D. Sgandurra, D. Zamboni
  • Cloud Architectures – J. Varia, AWS
  • Accountable Virtual Machines – A. Haeberlen, P. Aditya, R. Rodrigues, P. Druschel

Virtual Machine Introspection (VMI)

  • Forensics Examination of Volatile System Data Using Virtual Introspection – B. Hay, K. Nance
  • A Virtual Machine Introspection Based Architecture for Intrusion Detection – T. Garfinkel, M. Rosenblum
  • Investigating the Implications of Virtual Machine Introspection for Digital Forensics – K. Nance, B. Hay, M. Bishop
  • The Rising Impact of Virtual Machine Hypervisor Technology on Digital Forensics Investigations – P. Bates
  • Leveraging Forensic Tools for Virtual Machine Introspection – B. Dolan-Gavitt, B. Payne, W. Lee

Cloud Incident Management / Forensics

  • Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing – Incident Management and Forensics Working Group, CSA
  • Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems – S. Zawoad, R. Hasan
  • Forensic investigations of cloud computing systems – M. Taylor, J. Haggerty, D. Gresty, D. Lamb
  • Digital evidence in cloud computing systems – M. Taylor, J. Haggerty, D. Gresty, R. Hegarty
  • Cloud Forensics: An Overview – K. Ruan, J. carthy, T. Kechadi, M. Crosbie
  • Survey on cloud forensics and critical criteria for cloud forensics capability: A preliminary analysis – K. Ruan, I. Baggili, J. Carthy, T. Kechadi
  • A Digital Investigation Tool based on Data Fusion in Management of Cyber Security Systems – S. Satpathy, S. Pradhan, B. Ray
  • Digital forensics research: the next 10 years – S. Garfinkel
  • Cloud Application Logging for Forensics – R. Marthy
  • Digital Investigations in the Cloud – E. Hobson
  • Towards Incident Handling in the Cloud: Challenges and Approaches – B. Grobauer, T. Schreck
  • Virtual Machine for Computer Forensics – the Open Source Perspective – D. Bem
  • Digital Forensics: Defining a Research Agenda – K. Nance, B. Hay, M. Bishop
  • Ghost in the Machine – Forensic Evidence Collection in the Virtual Environment – E. Fittermann, J. Durick
  • Cyber Forensics in the Cloud – S. Zimmermann, D. Glavach
  • Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies – A. Sherman, J. Dykstra
  • Following Incidents into the Cloud – J. Reed, SANS Reading Room
  • Finding File Fragments in the Cloud – D. Ras, M. Olivier
  • Isolating a Cloud Instance for a Digital Forensic Investigation – A. Delport, M. Olivier, M. Koehn
  • Cloud Computing and Data Jurisdiction: A New Challenge for Digital Forensics – G. Vaciago
  • Cloud computing and computer forensics for business applications – L. Slusky, P. Partow-Navid, M. Doshi
  • Cloud Forensics – K. Ruan, J. Carthy, T. Kechadi, M. Crosbie
  • Calm before the Storm: The Emerging Challenges of Cloud Computing in Digital Forensics – G. Grispos, T. Storer, W. B. Glisson
  • Improving Chain of Custody in Forensic Investigation of Electronic Digital Systems – G. Giova
  • Cyber Forensic for Hadoop based Cloud System – C. Cho, S. Chin, K. Chung


  • Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space – M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, E. Weippl
  • Eventual Consistency: How soon is eventual? An Evaluation of Amazon S3’s Consistency Behavior – D. Bermbach, S. Tai
  • Bigtable: A Distributed Storage System for Structured Data – F. Chang, J. Dean, S. Ghemawat, D. Hsieh, D. Wallach, M. Burrows, T. Chandra, A. Fikes, R. Gruber
  • Proofs of Ownership in Remote Storage Systems – S. Halevi, D. Harnik, B. Pinkas
  • Side Channels in Cloud Services – Deduplication in Cloud Storage – D. Harnik, B. Pinkas, Al. Shulman-Peleg
  • Cryptographic Cloud Storage – S. Kamara, K. Lauter
  • Web-based Attacks on Host-Proof Encrypted Storage – K. Bhargavan, A. Delignat-Lavaud


  • Privacy and Artificial Agents, or, Is Google Reading My Email? – S. Chopra, L. White
  • Content Cloaking: Preserving Privacy with Google Docs and other Web Applications – D. D’Angelo, F. Vitali, S. Zacchiroli
  • An Analysis of Private Browsing Modes in Modern Browsers – G. Aggarwal, E. Bursztein, C. Jackson, D. Boneh
  • How Unique Is Your Web Browser – P. Eckersley
  • Attacking with HTML 5 – L. Kuppan
  • Feasibility and Real-World Implications of Web Browser History Detection – A. Janc, L. Olejnik
  • Why Aren’t HTTP-Only Cookies More Widely Deployed – Y. Zhou, D. Evans

Somehow Related

  • Trusting in the Cloud – C. Cachin, I. Keidar, A. Shrear
  • A Case for the Accountable Cloud – A. Haeberlen
  • The Eucalyptus Open-source Cloud-Computing System – D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, D. Zagorodnov
  • Security Audits of Multi-Tier Virtual Infrastructures in Public Infrastructure Clouds – S. Bleikertz, M. Schunter, C. Probst, D. Pendarakis, K. Eriksson
  • Identifying the security risks associated with governmental use of cloud computing – S. Paquette, P. Jaeger, S. Wilson
  • Self Hosting vs. Cloud Hosting: Accounting for the security impact of hosting in the cloud – D. Molnar, S. Schechter
  • From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud – P. Swire
  • Secure Logging and Auditing in Electronic Health Records Systems: What Can We Learn from the Payment Card Industry – J. King, L. Williams
  • Using the Cloud to Determine Key Strenghts – T. Kleinjung, A.K. Lenstra, D. Page, N.P. Smart
  • Critical Cloud Computing – A CIIP perspective on Cloud Computing Services – M.A.C. Dekker