Abstract—Cloud computing is on-demand network and data access, anywhere and anytime. The pay-per-use model is gaining commercial ground day by day. Because of the popularity of the cloud and its round-the-clock availability, security is again the main concern. The client does not know where the data is stored or in which datacenter. The distributed nature of the cloud is itself a security concern and makes it easy to carry out malicious activities. Cloud computing presents an abstraction layer to users for storing their confidential data, hiding its architectural details. As a result, whenever malicious activity happens in the cloud, it becomes very difficult to trace. This gives rise to a new area of research in the field of digital forensics that has unique challenges and opportunities in the context of the cloud. This paper presents a detailed study of malicious activity that can be carried out in the cloud, with the help of some case studies, and the detailed methodology of the proposed architecture mentioned earlier in the paper.

Keywords—Live acquisition, evidence, identification, Examination.

I. INTRODUCTION

Cloud computing, the long-held dream of computing as a utility, has the potential to make IT technologies such as software, hardware and network points more attractive, so that they can be purchased at minimal rates. Billing for cloud-based services is as simple as paying for electricity or water supply. Cloud computing is emerging as a new paradigm in the field of Information Technology. Rather than procuring a physical IT infrastructure to host applications, organizations are relying on third parties to deploy their applications [9]. It becomes very easy for an organization to rely on a virtualized environment in comparison with the traditional way of reconfiguring or scaling its physical infrastructure. However, alongside the rapid growth in technology and its benefits, security breaches, attacks and policy violations occur.
There are some concerns about how security and compliance integrity can be maintained in this new virtualized environment [9]. Complementary to this, the use of cloud computing can reduce the costs of providing IT services by eliminating redundant computing power and storage, reducing support requirements and reducing fixed capital commitments.

Existing digital forensic investigation processes are intended for offline investigation. The evidence is within the reach of the investigator and ownership boundaries are well defined. The rise of cloud computing has given intruders much more scope to use the cloud maliciously. This has opened a new area in the field of digital forensics: cloud forensics. Digital forensics consists of four phases: Identification, Data Extraction, Preservation and Collection, Analysis or Examination, and lastly Presentation. In the context of the cloud, each of these phases has its own importance and its own problems.

The remainder of the paper is organized as follows: Section II illustrates cloud forensics and the challenges the underlying architectures face, then Section III illustrates different attacks with two case studies. Section IV presents related work with respect to cloud forensics and Section V gives the proposed architecture for cloud forensics.

II. CLOUD FORENSICS AND CHALLENGES

Cloud forensics is a very new area that has emerged due to the dynamic, multi-tenant and black-box architecture of the cloud. Traditional digital forensic technique becomes blurred with the advent of cloud technology. Traditional digital forensics assumes that the computer being investigated is within the reach of the investigator, but in the context of the cloud this process is out of reach of any investigator.
To gain access to the computer, the investigator has to rely on the cloud service provider, which is again impossible in the case of the cloud: the data being investigated resides in a virtual instance, and shutting down the instance and seizing it for forensic investigation may force other running virtual instances to shut down, which again is not the policy of cloud providers.

Every digital forensic technique consists of identification, data extraction, preservation and collection, analysis and presentation phases. Every phase has its own significance in the context of the cloud environment. Many authors have given different approaches for all these stages of cloud forensics because of the problems caused by the multilayered, multitenant architecture of the cloud. The various stages are illustrated by different authors, covering all challenges and suggested solutions.

A. Identification

Identification is the reporting of malicious activity in the cloud, such as illegal use of the cloud for storing files, deleting files and so on. This phase arises in the cloud from a complaint made by an individual, from the CSP authority reporting misuse of the cloud, or from any other source.

An Approach Towards Digital Forensic Framework for Cloud
J. J. Shah, PhD Scholar, G. H. Raisoni College of Engineering, Nagpur (jagruti.shah@raisoni.net)
Dr. L. G. Malik, G. H. Raisoni College of Engineering, Nagpur (latesh.malik@raisoni.net)
978-1-4799-2572-8/14/$31.00 © 2014 IEEE