Cloud Forensics: Digital Forensics of Cloud Based Storage and Applications

  • Sameera Abdulrahman Almulla

Student thesis: Doctoral Thesis


Cloud forensics is an emerging topic whose foundations rely on cloud computing and digital forensics. Researchers in the field of cloud forensics need to move away from insisting on acquiring complete data -as has historically been the case in computer forensicsand focus on proving accuracy, sufficiency, and soundness of partial data. In some cases, investigators might end up having to rely on Virtual Machine (VM) snapshots in the form of memory dumps and system/application related logs. There are several advantages that snapshot technology presents; such as: (1) the ability to be seized off-line, (2) minimal disturbance to business continuity during the course of investigation, and (3) the encapsulation of both memory and storage. However, snapshot file format varies based on the underlying virtual technology, and unstructured snapshot content considered as a challenge for forensics examiners. Therefore, in this thesis, we assess the digital forensics requirements of cloud based storage snapshot to generate forensically sound evidences. Once the integrity of the acquired snapshot had verified, investigators face the challenge of interpreting applications logs and meta-data. In this thesis, we focus on the logs of cloud-based business processes composed of tasks that can be mapped to Web service invocations. Web services are considered to be one of the key technology adopted in cloud computing. Business processes are composing of loosely-coupled Web Services over the Internet by means of composition primitives like choreography and orchestration. These compositional techniques put together Web Services that belong to different organizations potentially exposing the composed process to several threats. In this dissertation, we (1) examine the digital forensics requirement for a VM snapshots; (2) propose a novel forensics procedure to examine the acquired snapshot, and (3)propose a new technique for ana lysing cloud-based processes' logs using a finite state log analyser.
Date of AwardApr 2017
Original languageAmerican English
SupervisorYoussef Iraqi (Supervisor)


  • Cloud Forensics
  • Digital Forensics
  • Cloud Storage Snapshot
  • Web Service Forensics
  • Misbehaviour Detection.

Cite this