Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


The change in business models to incorporate a wide variety of cloud computing environments has resulted in the escalation of computer crimes in the areas of security breaches and hacking. Methods to acquire evidence in a cloud computing environment are limited due to the complexity of the cloud environment. Since digital acquisition processes in cloud computing environments are still in the infancy stages, there have been no studies in the application of existing frameworks to this type environment based on traditional forensic processes.

This paper describes a qualitative study conducted to develop a robust contingency framework for deciding when to use traditional forensic acquisition practices, when to use modified processes, and when it is necessary to develop new forensic acquisition processes more appropriate to the cloud computing environment. The contingency framework was developed through the evaluation of 20 common forensic procedures by a panel of forensic and cloud computing subject matter experts.


Almulla, S. A., Iraqi, Y., and A. Jones (2014). A state-of-the-art review of cloud forensics. Journal of Digital Forensics, Security and Law, 9(4), 7–28. Retrieved from http://www.jdfsl.org/

Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., … Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53, 50-58. doi:10.1145/1721654.1721672

Austin, R. D., & Devin, L. (2009). Weighing the benefits and costs of flexibility in making software: Toward a contingency theory of the determinants of development process design. Information Systems Research, 20(3), 462-479. doi: 10.1287/isre.1090.0242

Baird, A., Furukawa, M. F., & Raghu, T. S. (2012). Understanding contingencies associated with the early adoption of customer-facing web portals. Journal of Management Information Systems, 29(2), 293-324. doi:10.2753/MIS0742-1222290210

Battilana, J., & Casciaro, T. (2012). Change agents, networks, and institutions: a contingency theory of organizational change. Academy of Management Journal, 55(2), 381-398. doi:10.5465/amj.2009.0891

Berman, S. J., Kesterson-Townes, L., Marshall, A., & Srivathsa, R. (2012). How cloud computing enables process and business model innovation. Strategy & Leadership, 40(4), 27-35. doi:10.1108/10878571211242920

Bourgeois, J., Pugmire, L., Stevenson, K., Swanson, N., & Swanson, B. (2011). The Delphi method: A qualitative means to a better future (Citirano 2.11.2011). Retrieved from http://www.freequality.org/html/knowledg e.html

Carlton, G. H. (2007). A grounded theory approach to identifying and measuring forensic data acquisition tasks. Journal of Digital Forensics, Security and Law, 2(1), 35-56. Retrieved from http://www.jdfsl.org/

Chou, T. S. (2011). Cyber security threats detection using ensemble architecture. International Journal of Security and Its Applications, 5(2), 11-15. Retrieved from http://www.sersc.org/journals/IJSIA/

Colquitt, J. A., & Zapata-Phelan, C. P. (2007). Trends in theory building and theory testing: A five-decade study of the Academy of Management Journal. Academy of Management Journal, 50(6), 1281-1303. doi:10.5465/AMJ.2007.28165855

Corley, K. G., & Gioia, D. A. (2011). Building theory about theory building: What constitutes a theoretical contribution? Academy of Management Review, 36, 12- 32. doi:10.5465/AMR.2011.55662499

Corrin, A. (2106, April). New Army program shifting cyber operation. Federal Times. Retrieved from http://www.federaltimes.com/story/govern ment/cybersecurity/2016/04/04/armycyber- operations/82621910/

Dae Ham, C., Hong, H., & Cameron, G.T. (2012). Same crisis, different responses: Case studies of how multiple competing corporations responded to the same explosion-related crises. International Journal of Business and Social Science, 3(20), 19-31. Retrieved from http://www.ijbssnet.com/update/

Daryabar, F., Dehghantanha, A., & Udzir, N. I. (2013). A review on impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), 77- 94.

Desai, P., Solanki, M., Gadhwal, A., Shah, A., Patel, B. (2015, January). Challenges and Proposed Solutions for Cloud Forensic. International Journal of engineering Research and Applications, 1(5), 37-42.

Farina, J., Scanlon, M., Le-Khac, N., & Kechadi, T. (2105, August). Overview of the Forensic Investigation of Cloud Services. International Workshop on Cloud Security and Forensics (WCSF 2015).

Fiaidhi, J., Bojanova, I., Zhang, J., & Zhang, L. (2012). Enforcing multitenancy for cloud computing environments. IT Professional Magazine, 14(1), 16-18. doi:10.1109/MITP.2012.6 – d

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation,7, Supplement, S64-S73. doi:10.1016/j.diin.2010.05.009

Goodall, J. R., Lutters, W. G., & Komlodi, A. (2009). Developing expertise for network intrusion detection. Information Technology & People, 22(2), 92-108. doi:10.1108/09593840910962186

Green, K. C., Armstrong, J. S. & Graefe, A. (2007). Methods to elicit forecasts from groups: delphi and prediction markets compared. Foresight: The International Journal of Applied Forecasting. (8),17-20. Retrieved from http://forecasters.org/foresight/

Hallowell, M. R., & Gambatese, J. A. (2010). Qualitative research: Application of the Delphi method to CEM research. Journal of Construction Engineering & Management, 136(1), 99-107. doi:10.1061/(ASCE)CO.1943-7862.0000137

Hsu, C., & Sandford, B. A. (2007). The Delphi technique: Making sense of consensus. Practical Assessment, Research & Evaluation, 12(10), 1-8. Retrieved from: http://pareonline.net/

Hurley, M. M. (2012). For and from cyberspace: Conceptualizing cyber intelligence, surveillance, and reconnaissance. Air & Space Power Journal, 26(6), 12-33. Retrieved from http://www.airpower.au.af.mil/

Information Systems Audit and Control Association (2009). An introduction to the business model for information security. Retrieved from http://www.isaca.org/Knowledge- Center/Research/ResearchDeliverables/Pa ges/An-Introduction-to-the-Business- Model-for-Information-Security.aspx

Jacobson, D. D. (2009, January). Revisiting IT Governance in the Light of Institutional Theory. In 42nd Hawaii International Conference on System Sciences, 2009. 1-9. Retrieved from http://www.hicss.hawaii.edu/

Kalchschmidt, M. (2011). Best practices in demand forecasting: tests of universalistic, contingency and configurational theories. International Journal of Production Economics, 140(2), 782-793. doi:10.1016/j.ijpe.2012.02.022

Ke, W., Tan, C., Sia, C., & Wei, K. (2012). Inducing intrinsic motivation to explore the enterprise system: The supremacy of organizational levers. Journal of Management Information Systems, 29(3), 257-290. doi:10.2753/MIS0742-1222290308

Kessler, G. (2011). Judges’ awareness, understanding, and application of digital evidence. Journal of Digital Forensics, Security and Law, 6(1), 55-72. Retrieved from http://www.jdfsl.org/

Knapp, K. J., Ford, F. N., Marshall, T. E., & Rainer, R. K. (2007). The common body of knowledge: A framework to promote relevant information security research. Journal of Digital Forensics, Security and Law, 2(1), 9-34. Retrieved from http://www.jdfsl.org/

Lallie, H., & Pimlott, L., (2012). Challenges in applying the ACPO principles to cloud forensic investigations. Journal of Digital Forensics Security and Law, 7(1) 71-86. Retrieved from http://www.jdfsl.org/

Mathiassen, L., & Sorensen, C. (2008). Towards a theory of organizational information services. Journal of Information Technology, 23(4), 313-329. doi:10.1057/jit.2008.10

National Institute of Standards and Technology (NIST), (2014). Cloud Computing Forensic Science. Retrieved from http://collaborate.nist.gov/twikicloudcomputing/ bin/view/CloudComputing/CloudForensics

Neuman, W. L. (2003). Social research methods: Qualitative and quantitative approaches (5th ed.). Upper Saddle River, NJ: Pearson Education.

Ngo, L., Zhou, W., & Warren, M. (2005, September). Understanding transition towards information security culture change. Proceedings of the 3rd Australian Information Security Management Conference, 67-73. Retrieved from http://ro.ecu.edu.au/ism/

Pătraşcu, A., & Patriciu, V. V. (2014). Digital Forensics in Cloud Computing. Advances in Electrical and Computer Engineering, 14(2).

Pieters, W. (2011). The (social) construction of information security. Information Society, 27(5), 326-335. doi:10.1080/01972243.2011.607038

Qiu, J., Donaldson, L., & Luo, B. N. (2012). The benefits of persisting with paradigms in organizational research. The Academy of Management Perspectives, 26(1), 93-104. doi:10.5465/amp.2011.0125

Ransbotham, S., & Mitra, S. (2009). Choice and chance: A conceptual model of paths to information security compromise. Information Systems Research, 20(1), 121- 139,156. doi:10.1287/isre.1080.0174

Ruan, K., Baggili, I., Carthy, J., & Kechadi, T. (2011, May). Survey on cloud forensics and critical criteria for cloud forensic capability. Journal of Digital Forensics, Security and Law, Conference Proceedings, 55-70. Retrieved from http://www.digitalforensicsconference. org/subscriptions/proceedings_ 2011.htm

Snyder, C. (2012). A case study of a case study: Analysis of a robust qualitative research methodology. Qualitative Report, 12 (9), 661-682. doi:10.1097/00000478- 198809000-00002

Tassabehji, R. (2005). Principles for managing information security. Encyclopedia of Multimedia Technology and Networking, (pp. 842-848). doi:10.4018/978-1-59140-561- 0.ch119

Thomas, D. M., Gupta, S., & Bostrom, R. P. (2008, January). A meta-theory for understanding IS in socio-technical systems. Proceedings of the 41st Annual Hawaii International Conference on System Sciences, IEEE, (pp. 451-451). doi:10.1109/HICSS.2008.28

Willis, J.W. (2007). Foundations of qualitative research: Interpretive and critical approaches. Thousand Oaks, CA: Sage.

Zhang, S., Yan, H., & Chen, X. (2012). Research on key technologies of cloud computing. Physics Procedia, 33, 1791- 1797. doi:10.1016/j.phpro.2012.05.286

Zhou, G., Cao, Q., & Mai, Y. (2012). Forensic analysis using migration in cloud computing environment. Information and Management Engineering, 236, 417-423. doi:10.1007/978-3-642-24097-3_62

Zhou, X., & Mao, F. (2012, August). A semantics web service composition approach based on cloud computing. Fourth International Conference on Computational and Information Sciences (ICCIS), 2012, 807-810. doi:10.1109/ICCIS.2012.43

Zimmerman, S. & Glavach, D. (2011). Cyber forensics in the cloud. IA Newsletter, 14(1), 4-7. Retrieved from http://iac.dtic.mil/iatac



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.