were stored in the cloud in 2013, or 1,073,741,824 GB. In other words: a lot! People and services have started to move their data to the cloud for various reasons. For one, it’s faster and, secondly, it’s extremely convenient to keep important documents or even personal, valuable data like photographs or notes online. This why, if your PC or notebook crashes, you won’t have to worry about all that precious data getting lost. You can always retrieve or access it from the cloud. For forensic investigations, the cloud is both a godsend and a curse. It helps forensic investigations since there’s a lot of data to go about, including digital breadcrumbs left behind by criminals. At the same time, when these data are used on the cloud, they’re typically secured by the developing or servicing companies and law enforcement officers might find it difficult to retrieve them in due time.
Image: Lab Systems
For instance, let’s take a look at social media. In 2017, it is estimated that there will be around 191.2 million social network users in the United States, up from 173.6 million in 2014. Most use Facebook or Twitter, but also Flickr or Tumblr. All of these use cloud computing to store and access immense amounts of data. But since this data isn’t kept on a criminal’s hard drive or can be tapped like an , law enforcers need to request access from the service provider if they don’t have the permissions or capabilities to access the username and password .
If you’re an investigative force requesting private data in the cloud from a company located in the same country as the investigation is taking place then it can take a few weeks to a few months to obtain this data. However, if you’re requesting the data from another country, bearing in mind the investigation is taking place in Europe, when most of the world’s major service providers are based in the US, then it can take up to a year to retrieve the data. So, it can all be really complicated especially when you’re dealing with timely investigations in which a conviction rests on the information you can snatch from the web. When live investigations are concerned, the consequences can be a lot worse, like more victims and people losing their lives.
[ALSO READ] How to become a digital forensic specialist
Also, service providers aren’t always compliant with law enforcement investigations in time. In the UK, during the first half of 2014, Facebook and Google’s response rate was 70%, while Twitter’s response rate was only at 40%. There’s a work around, though. Everybody owns a smartphone nowdays, including most criminals. When a mobile phone is seized in criminal investigations, law enforcement can use technology such as the UFED Cloud Analyser, to access private-user cloud data by utilizing login details that have been extracted from the mobile device of the suspect or victim. Under proper legal authority, like a warrant or written consent, digital forensic specialists may extract the private-user cloud data. Then, it’s a matter of checking if the information is authentic, traceable and thus defensible in court. There are five steps involved in extracting the using such technology:
- Seize the mobile device and begin a forensic extraction of data
- Decode cloud services login information from the extracted forensic copy of the device
- Forensically preserve private user data using login information from the mobile device or manually provided credentials
- Analyse and report data from different cloud data sources in a unified format
- Deliver data to additional relevant law enforcement and justice officials
Then, of course, a digital forensic will perform an analysis and reporting of the retrieved data so a non-specialist, say a judge, can interpret them. The importance of cloud data in so many areas of everyday life means that law enforcement agencies simply must consider the pool of evidence that is stored in the cloud during criminal investigations. Failure to keep up with the times can only spell disaster for law enforcement in the future.