Five questions about digital forensics in the cloud

Discovery Insights

When forensic investigators go data gathering these days, the hunt may well take them to the cloud. Cloud computing has evolved rapidly from a technology of the future into an integral component of many organizations’ strategy, operations, and infrastructure. Private and public sector organizations are using it to reduce costs, improve data management, and foster communication and collaboration.

What’s the future for business systems outside of the cloud?

Organizations will continue hosting traditional, on-premise data sources such as servers, laptops, and mobile devices with end-point devices such as laptops and mobile devices continuing into the foreseeable future. As servers transition from on-premise to cloud infrastructure, forensic preservation and investigation experience related to the on-premise data sources will continue even as organizations layer in or transition to cloud-based data solutions. As such, adding skills to help navigate the intricacies of cloud-based applications and cloud-hosted data is essential to helping organizations address the full scope of their discovery requirements.

While not immediately imminent, the vision of cloud-only is very real.

How do we keep up with the changing cloud applications?

Cloud application deployments constantly evolve and update and organizations do not necessarily know when the cloud application has changed. IT organizations and business users are familiar with the structured release of versions and subversions in traditional application deployment such as moving from version 8.54 to 8.62 of a software package. The constant and ongoing updates to cloud applications challenge current IT and business process change management approaches. In addition, the fluid cloud environment creates obstacles to data collection and preservation procedures that may impede the discovery process.

cloud connected

How does the cloud change data residence?

Many cloud development and hosting platforms allow organizations to select where their data resides⁠—an important capability for discovery purposes. An organization should exercise that right in adherence to data privacy restrictions and other regulatory considerations relevant to their organization and industry.

In some cases, organizations leveraging cloud-based, multi-tenant applications may not know where their data resides or may not be provided options to control their data residence. Two common examples of these applications are cloud-based office productivity tools and sales and marketing applications. The data residency situation can unknowingly lead to an incident with local data privacy and cross-border data transfer laws.

screen touch

How do we determine where to analyze the data?

Several factors warrant consideration in deciding where to conduct analysis, including data volume, availability of data analysis tools, and financial impact. Careful evaluation of these factors is required to determine the most effective analysis solution that meets defensibility standards.

Alternatively, cloud solutions often include data analysis tools allowing immediate and direct access to an organization’s data. Understanding the cloud platform’s analytic capabilities and limitations is essential to determine if the in-cloud analysis is an acceptable option. If the analytics tools available in the cloud are sufficient for the investigation, it may be appropriate to preserve the data in place to perform data analysis in the cloud.


How does the role of discovery delivery change, and how are legal and IT roles changing?

Increasingly organizations have the ability to quickly build out low cost, cloud-based solutions for application development and data analysis, often without involving IT. Accordingly, IT may no longer be the sole source of all data for an organization, which can cause potential challenges with regulatory requirements or discovery requests.

Applications also have the ability to source data from cloud-based systems and on-premise systems alike, leading to complex data preservation and analysis situations. Legal teams will likely be further challenged as concepts of data ownership and custodianship evolve with cloud-based data sources and cloud accessible applications.

cloud reflection

Is your organization anticipating, planning, or already conducting cloud-based discovery?

Did you find this useful?