Cloud Forensics

We began collecting evidence from web-based online, or “cloud” accounts, for clients like yours as a plan “B” for challenging litigation and investigations.  Often smart phones, tablets, and laptops are destroyed, damaged, lost, or encrypted with a forgotten password.  So backups of device data from the cloud, when forensically recovered, have the power to save your case.  Today cloud forensics plays an important role in litigation and investigations equal to data recovered from digital devices.  Therefore, Cloud evidence is rapidly becoming “best evidence” for civil and criminal cases like yours.

Cloud Forensic Collections

Carney Forensics uses world-class cloud forensics tools to collect digital evidence from private cloud accounts subscribed to by individuals, groups, or institutions.  We always obtain legal authorization conferred by a subpoena, court order, or party consent before undertaking cloud forensics collections.  These cloud forensics tools also collect publicly available evidence from social media accounts like Facebook, Twitter, and Instagram. They support your investigations with new facts and insights. By the way, legal authority is unnecessary for public investigations because the evidence is available to everyone.

Recover Cloud Evidence from ISPs, Storage Services, and Apps

Whatever digital online evidence your client or opposing party may possess or control in the cloud, we have the tools to collect it forensically.  For instance we recover cloud evidence from massive, global Internet Service Providers (ISPs) like Google, Apple, Microsoft, Amazon, and Samsung.  We forensically collect documents and other digital content from major cloud storage services from Dropbox, Google Drive, iCloud Drive, Microsoft OneDrive, and Box.  And we recover messages from cloud-based apps like WhatsApp, Snapchat, Hangouts, Slack, Skype, Telegram, Viber, Twitter, Instagram, and Pinterest. Last, we recover multiplayer online gaming environments. In total we collect online evidence from 98 unique cloud services.

Google Workspace and Microsoft Office 365

We support electronic discovery for civil litigators by collecting traditional document and email evidence from your client or opposing party.  Carney Forensics collects the most popular corporate cloud providers including Google’s Workspace, formerly G Suite, Microsoft’s Office 365 and SharePoint, and also Box.  We also recover critical audit logs from Google Workspace and Office 365.  So audit logs verify when and by whom documents were created, modified, and downloaded.  This critical information often lays foundation for the cloud evidence upon which your case may turn in summary judgment motions and trials.

Cloud Forensics FAQs

What is Cloud Forensics?

According to NIST:
Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e., cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi- tenant situations.

According to Darshik Jariwala (March 20, 2013):
Cloud Forensics is cross-discipline between Cloud Computing and Digital Forensics. Cloud Forensics is actually an application within Digital Forensics which oversees the crime committed over the cloud and investigates it. Cloud computing is based on a huge network, which spreads globally. Hence, Cloud Forensics is said to be a subset of Network Forensics. The basic technique remains as the forensic investigation of a network.

My client’s phone is damaged and will not power up. Can you collect the data from cloud accounts connected to the phone?

Generally, yes.  Even if the phone is damaged or not physically available, we can collect large amounts of data, sometimes exceeding that which is available on the phone.  Cloud collection requires legal authority and proper authentication credentials to access the cloud evidence.

Is my client’s GPS data stored in his or her cloud account?

Often it is.  Apple iCloud accounts, if connected to the iPhone, store photos and videos captured with its camera.  Those photos and videos often contain embedded GPS coordinates.  Also app data from many iPhone apps is stored in the connected iCloud account and sometimes includes GPS coordinates.  Think the Apple Maps app and others.

Google accounts also store photo, video, and app data for connected Android smart phones.  Google Maps is a popular app with GPS coordinates.  But Google accounts support another avenue to harvest GPS data.  The Google Timeline for connected Android apps is stored in the cloud account and generally contains Google Location History for places the phone has been, sometimes for years.