Privacy annotation from differential analysis of snapshots

The invention claimed is: 1. A computer-implemented method for preventing divulgation of sensitive data in two snapshots of one or more same systems in a cloud environment, the method comprising: identifying a set of files from among a plurality of file pairs, each of the plurality of file pairs being formed from a respective file that includes at least one difference with respect to each of the two snapshots, taken at different times; performing a pattern reducing process that removes, from the set of files, any of the files having, as the at least one difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation: performing a commonality reducing process that removes, from the set of files, any of the files having, as the at least one difference, a common difference between different system users; and annotating data in remaining ones of the files in the set of files as potentially being the sensitive data, subsequent to said pattern reducing and commonality reducing processes, wherein the two snapshots comprise at least one Sandbox-based image of the one or more same systems of the cloud environment, and wherein the predetermined non-sensitive difference between the respective executions of the pre-determined system operation is determined using a Sandbox host. 2. The computer-implemented method of claim 1 , further comprising: prompting the user to provide a user input indicating whether to delete the annotated data; and deleting the annotated data responsive to the user input. 3. The computer-implemented method of claim 1 , further comprising: checking annotations of the annotated data to generate an annotation checking result; and modifying a system configuration of at least one of the one or more same systems, responsive to the annotation checking result. 4. The computer-implemented method of claim 1 , wherein each of the plurality of file pairs is formed based on the respective files therein having the at least one difference there between selected from the group consisting of (i) different attributes, (ii) different hash values and (iii) a status of one of the respective files being added or deleted relative to the other one of the respective files in a given one of the file pairs. 5. The computer-implemented method of claim 1 , wherein the common difference between the different system users is determined based on image content similarity data and image relationship data. 6. The computer-implemented method of claim 5 , wherein the image content similarity data is selected from the group consisting of operating system data, distribution data, file creation data, and file update data. 7. The computer-implemented method of claim 5 , wherein the image relationship data comprises meta-data derived image history data. 8. The computer-implemented method of claim 1 , wherein the common difference between the different system users is determined using, an actual one of the one or more systems. 9. The computer-implemented method of claim 1 , wherein the commonality reducing process and the pattern reducing process are iteratively performed based on one or more iteration criterion. 10. The computer-implemented method of claim 9 , wherein the one or more iteration criterion comprise an absence of further size reduction in the remaining ones of the files in the set.