Applying a Contingency Framework to Digital Forensic Processes in Cloud Based Acquisitions

Abstract

The change in business models to incorporate a wide variety of cloud computing environments has resulted in the escalation of computer crimes in the areas of security breaches and hacking. Methods to acquire evidence in a cloud computing environment are limited due to the complexity of the cloud environment. Since digital acquisition processes in cloud computing environments are still in the infancy stages, there have been no studies in the application of existing frameworks to this type environment based on traditional forensic processes. This paper describes a qualitative study conducted to develop a robust contingency framework for deciding when to use traditional forensic acquisition practices, when to use modified processes, and when it is necessary to develop new forensic acquisition processes more appropriate to the cloud computing environment. The contingency framework was developed through the evaluation of 20 common forensic procedures by a panel of forensic and cloud computing subject matter experts.