The Complete Picture: Cloud-Based Evidence

By Rogue Heart,

The Complete Picture: Cloud-Based Evidence

Explore the fastest growing area in Digital Forensics

Cloud-based evidence is the fastest growing area in digital forensics. Accessing cloud evidence means having legal authority to compel production of the data, manually being provided the username(s) and password(s), or having other authentication credentials to access data, such as a login or password through an authentication token (Elcomsoft 2018). But, having the keys doesn’t mean you’ll access the locked chest treasure trove of data. And there are ethical concerns.

Opinions vary on cloud computing, cloud forensics, and cloud computing environments’ impact on digital forensics (Barrett 2020). Gathering evidence depends on:

  • Standard evidence acquisition procedures
  • Federal and local laws
  • Court accepted methods
  • Cooperation of the individual(s) who “owns” the data
  • And the cooperation of the cloud provider

Protecting and preserving electronic evidence can be done through simple practices:

  • Two-factor authentication
  • Strong passwords
  • Encrypted email services
  • And secure storage.

Safeguarding information is ethical and essential along with streamlining forensic teams’ workflows.

Cloud-Based Data Storage 

Evidential, cloud-based data stored for mobile phones include (American Bar Association 2016):

  • Locations
  • Text messages
  • Pictures
  • Videos
  • Music
  • Voicemails
  • A list of wireless networks where the phone connected
  • Address book
  • Email
  • Call logs
  • Web history

As tech giants move into stronger user-privacy practices, this data could become inaccessible. Google, whose widely-popular browser, operating system, location apps and entertainment platforms are accessed daily by internet users, recently started auto-deleting user data after 18 months. What can you do when your case is impacted?

Call us, the experts.

In traditional digital forensic acquisition, examiners focus on individual computers and isolated environments. Cloud computing forensics acquisition processes are different because they look into account servers, applications, and operating platforms that may be located abroad (Barrett 2020). The challenge is pinpointing the laws and jurisdiction that govern a region where a crime against data occurred (Tripwire 2019). Cloud servers and their data can be hosted in several countries, which makes cloud-based evidence susceptible to third-party compromises, legal red tape, or simply a lack of cooperation with your local laws.

Cloud-Based Evidence. Delivered.

“[Our clients] benefit by having a more complete picture…Of the algorithms that go on and capture information and report on it, we don’t ever see them because they exist somewhere else. But for the Cloud specifically, you know, we’re able to see your Gmail, your Google account, you’re able to see a timeline of activity,” says Josh Michel, a senior examiner on our team.

Roloff Digital Forensics’ examiners keep abreast of the new policies, datasets collected,  and general emergence in cloud-based privacy and technology, bolstering your case strategy, and getting the complete picture.

Want to get the complete picture for your case? Drop us a line.