The Forensic Challenge Associated in a Cloud Computing Environment

Mark St. Peter

By Mark St. Peter

It’s no secret that cloud computing is becoming an increasingly popular and prominent presence in our social, professional and technological lives. At home and at work, the convenience and appeal of cloud computing is changing the way many people use, consume and store information.

For trial attorneys who have spent years adapting to the legal and technical challenges of electronic discovery, cloud computing presents a host of new and important differences that impact the way we collect, preserve and analyze electronically stored information (ESI).

Cloud Formation
While not all cloud-based services work the same way, cloud computing is essentially the lease of computing power managed by another party.

The advantages of this setup are clear: users do not have to invest in and maintain expensive computers, servers, routers and other pricey equipment. Instead, they can simply log in and pay to store or access data as needed, leaving the management to an outside party. The structure of this convenience, however, forces the legal field to confront a range of complicated data and evidentiary issues.

Mostly Cloudy
The biggest issue that cloud computing poses is that many of the traditional computer forensic methods are difficult or impossible to use when information is stored on the cloud. Hard drive imaging and the analyses of deleted files are not possible, and computer settings and registry information (such as login dates, passwords and more) are usually inaccessible. Without these tools, gathering ESI and analyzing digital evidence becomes more of a challenge. Challenges include:

Volatile Storage – Cloud environments are moved and reconfigured frequently. This limits the amount of computer settings and cached information that can be preserved, collected and examined.

Geographic Variance – Cloud services can be, and often are, based anywhere. Frequently, they are operated in Europe or Asia, regions with very different computer privacy laws and restrictions on what can and cannot be searched without proper authorizations.

Logical Access – The ability to examine the cloud environment will be limited by the scope of the login ID and password that you are granted. Legal and technical professionals need to be conscientious about ensuring that their login credentials facilitate proper access to all of the potentially relevant information.

Multitenant Structure – Cloud environments typically group several user environments onto one physical piece of equipment or infrastructure configuration. Oftentimes, those users are completely unrelated to each other. This opens up a range of complications, primarily liability concerns.

Stormy Weather – Physical access to the computer is one of the biggest hurdles, but there are also a number of issues that need to be taken into account when analyzing metadata (information about the computer file, not the content of the file itself). One of the most important is the fact that dates do not necessarily reflect the date of user activity, and may instead reflect the movement of files onto the cloud.

Additionally, attorneys and ESI experts need to appreciate the fact that, unlike in traditional computer forensics, they are almost always looking at one section of the entire computing environment. Information that might otherwise be contained within a single computer or file server may be spread among multiple hard drives and servers.

Raincoats & Umbrellas
Understanding the limitations of electronic discovery and digital evidence gathering in a cloud context is an important first step. But what proactive steps can be taken?

First, remember that the examination of the client (the computer used to access the cloud) is still available, and may offer some important clues or evidence. Some popular social websites like Facebook have introduced the ability to download data stored within the user’s pages, which can be a treasure trove of information. Also, many popular Web-based email services, like Gmail or Yahoo!, can be accessed and acquired during communication protocols such as IMAP and POP that work outside the cloud.

Long-Range Forecast
Cloud computing is not going anywhere—as more businesses and individuals move to the cloud, it is important that the legal community stays up to date on emerging issues. Those who continue to educate themselves will not only know when to call in the experts, but also will discover that they can direct a ray of figurative sunshine into even the cloudiest corners of virtual space.

For more information, visit