The Complete Picture: Cloud-Based Evidence

By Rogue Heart,

The Complete Picture: Cloud-Based Evidence

Explore the fastest growing area in Digital Forensics

Cloud-based evidence is the fastest growing area in digital forensics. Accessing cloud evidence means having legal authority to compel production of the data, manually being provided the username(s) and password(s), or having other authentication credentials to access data, such as a login or password through an authentication token (Elcomsoft 2018). But, having the keys doesn’t mean you’ll access the locked chest treasure trove of data. And there are ethical concerns.

Opinions vary on cloud computing, cloud forensics, and cloud computing environments’ impact on digital forensics (Barrett 2020). Gathering evidence depends on:

  • Standard evidence acquisition procedures
  • Federal and local laws
  • Court accepted methods
  • Cooperation of the individual(s) who “owns” the data
  • And the cooperation of the cloud provider

Protecting and preserving electronic evidence can be done through simple practices:

  • Two-factor authentication
  • Strong passwords
  • Encrypted email services
  • And secure storage.

Safeguarding information is ethical and essential along with streamlining forensic teams’ workflows.

Cloud-Based Data Storage 

Evidential, cloud-based data stored for mobile phones include (American Bar Association 2016):

  • Locations
  • Text messages
  • Pictures
  • Videos
  • Music
  • Voicemails
  • A list of wireless networks where the phone connected
  • Address book
  • Email
  • Call logs
  • Web history

As tech giants move into stronger user-privacy practices, this data could become inaccessible. Google, whose widely-popular browser, operating system, location apps and entertainment platforms are accessed daily by internet users, recently started auto-deleting user data after 18 months. What can you do when your case is impacted?

Call us, the experts.

In traditional digital forensic acquisition, examiners focus on individual computers and isolated environments. Cloud computing forensics acquisition processes are different because they look into account servers, applications, and operating platforms that may be located abroad (Barrett 2020). The challenge is pinpointing the laws and jurisdiction that govern a region where a crime against data occurred (Tripwire 2019). Cloud servers and their data can be hosted in several countries, which makes cloud-based evidence susceptible to third-party compromises, legal red tape, or simply a lack of cooperation with your local laws.

Cloud-Based Evidence. Delivered.

“[Our clients] benefit by having a more complete picture…Of the algorithms that go on and capture information and report on it, we don’t ever see them because they exist somewhere else. But for the Cloud specifically, you know, we’re able to see your Gmail, your Google account, you’re able to see a timeline of activity,” says Josh Michel, a senior examiner on our team.

Roloff Digital Forensics’ examiners keep abreast of the new policies, datasets collected,  and general emergence in cloud-based privacy and technology, bolstering your case strategy, and getting the complete picture.

Want to get the complete picture for your case? Drop us a line.

Brains Beat Algorithms: Why Digital Forensics Still Need Humans + AI

By Rogue Heart,

Brains Beat Algorithms: Why Digital Forensics Still Need Humans + AI

We get it, understanding artificial intelligence and keeping up with emerging technology is hard and probably not taught in law school. Artificial intelligence is and remains a current and future challenge for the digital forensics community.

Law enforcement agencies are struggling with digital investigations worldwide. According to a study by Cellebrite, each digital investigation case involves 2-4 mobile devices and nearly half (45%) will involve a computer (Muhlberg 2020) and this is just the beginning as third-party service providers will frequently maintain, often in the cloud, relevant data as well. With all of that hardware, software, and information to comb through, you need experts and tools to make sense of the data.

Our examiners help you understand the benefits and constraints of artificial intelligence in digital evidence and show you that we’re your best source for when it comes to understanding the data in your case, as well as the data that may be missing. This understanding can be critical when preparing a case.

We combine knowledge of the legal system and the courts, prioritize tasks, and follow investigative intuition. We walk you through the process. Algorithms can’t do that. At least not perfectly.

Big Brains Vs. Big Data 

According to researchers in a study by Jarrett and Choo (2021), AI enables digital forensics, especially during the evidence analysis phase. These days, you need the resources to have evidence analyzed efficiently and a compelling story.

“Ultimately, human mindsets, understanding a scenario’s full context, and logical thinking cannot be entirely replicated by machine learning,” says Josiah Roloff, President of Roloff Digital Forensics. “The human mind has an amazing capacity for investigative intuition and can prioritize tasks versus needing to process full datasets simply because they are there. AI automation has its place, but all of this and more, make it important in understanding the roles we give automation versus a hands-on approach.”

AI: What Lawyers Need to Know 

Artificial intelligence does AND doesn’t make your job easier. Highly trained and experienced examiners can help you to fill in the gaps.

Pros to artificial intelligence:

  • Parses through massive amounts of data in a short amount of time (Jarrett & Choo 2021)
  • Finds and filters specific objects in images, tracks down keywords in texts, and creates relationship analysis (Muhlberg 2020)

Cons of artificial intelligence

  • No guarantee it works. Make sure you understand the AI you’re using (the data used to develop it and by whom) (Bloomberg 2019)
  • Bias and prejudices may exist from the developers and trainers, skewing the results. Our examiners always test the evidence, our findings, and automated findings, before presenting it. 
  • “Black box AI” – proprietary information where companies aren’t transparent about how the AI generates its information. Examiners can’t analyze and dig into how results occurred (American Bar Association 2020)
  • Many AIs are ineffective (American Bar Association 2019)


Your Trusted Digital Forensics

AI isn’t going anywhere. It’s legit to be skeptical of the technology and follow the “trust, but verify” principle. Trust is at the center of our work. We combine technological and relational skillsets with ongoing training to walk you through emerging technology, helping you take the right steps forward to win your case. Meet our team and how we’re qualified.

Leave it us, not just the machines

Drop us a line