Introduction

The use of cloud services has skyrocketed primarily because it is cheaper and more convenient than the alternative. Unfortunately, many companies have entered the cloud without first checking the weather forecast or performing a risk analysis. What happens if the cloud gets stormy, you suffer a breach, and you find yourself in the position of having to conduct digital forensics? What now? Can you collect data yourself? Where is your data? Who else has had access to your data? Is the provider the actual data holder or have they subcontracted? Many of these issues are better addressed before you enter the cloud. Failing that, what can you do?

Challenges of Cloud Forensics

Unlike traditional digital forensics, cloud forensics presents a unique challenge due to the omnipresent nature of “the cloud.” Many of these challenges are legal and can be overcome by planning.

The National Institute of Standards and Technology (NIST) defines the cloud as, “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” [1]

Okay, in English, the cloud is a service, like online backup, online software, and other computing services, owned by someone else and not physically resident on your computer, similar to renting a car. It can be accessed from anywhere you have an Internet connection.

Many people mistakenly assume that services such as Gmail, Yahoo, LinkedIn, etc., are cloud services. The primary difference is that those services are free, whereas cloud services require payment by subscribers. This distinction is important, because it provides a clearer description of the cloud. Privacy and legal issues will likely differ for paid and free services, as will the ability to negotiate the terms of service. The absolute necessity to negotiate the terms will be discussed later in this paper.

The four defining characteristics of the cloud are: on-demand self-service, rapid elasticity, location independence [4], and data replication [5].

Why You Would Need to Collect Data from a Cloud Provider?

This white paper explores issues a company or forensic examiner may face when collecting information from the cloud with a primary focus on civil litigation or other action as opposed to collecting evidence for criminal prosecution. Much overlap exists between the situations, and some comparisons will be made. Although this paper discusses many legal issues, this is not a legal “how-to” article, as it does not discuss any and every potential issue, tool, technique, etc. The purpose is to provide some insight into cloud forensics. My research on the topic has not yielded a source that provides clear and concise guidance, so I hope this starts the ball rolling.

The issues I’ll cover include:
• Can you collect the data yourself?
• Which jurisdiction applies?
• Can you compel the disclosure of data?
• What tools or techniques are available for compelling information?
• Can you prepare for cloud forensics?