Cloud Forensics

Carney Forensics collects evidence from web-based, online, or “cloud” accounts, for clients like yours as a plan “B” for challenging litigation and investigations.  Often cell phones, tablets, and laptops are destroyed, damaged, lost, or encrypted with a forgotten password.  So backups of device data from the cloud, when forensically recovered, have the power to save your case.  Today cloud forensics plays an important role in litigation and investigations equal to data recovered from digital devices.  Therefore, cloud evidence is rapidly becoming “best evidence” for civil and criminal cases like yours.

Cloud Forensics Collections

Carney Forensics uses world-class cloud forensics tools to collect digital evidence from private cloud accounts subscribed to by individuals, groups, or institutions.  We always obtain legal authorization conferred by a subpoena, court order, or party consent before undertaking cloud forensics collections.  These cloud forensics tools also collect publicly available evidence from social media accounts like Facebook, Twitter, and Instagram. They support your investigations with new facts and insights. By the way, legal authority is unnecessary for public investigations because the evidence is available to everyone.

Recover Cloud Evidence from Storage Services and Apps

Whatever digital online evidence your client or opposing party may possess or control in the cloud, we have the tools to collect it forensically.  For instance, we recover cloud evidence from global Internet Service Providers (ISPs) like Google, Apple, Microsoft, Amazon, and Samsung.  We forensically collect documents and other digital content from cloud storage services like Dropbox, Google Drive, iCloud Drive, Microsoft OneDrive, Box, and others.  And we recover messages from cloud-based apps like WhatsApp, Snapchat, Hangouts, Slack, Skype, Telegram, Viber, Twitter, Instagram, and Pinterest. Last, we recover messages from many multiplayer online gaming environments. In total, we collect online evidence from over one hundred unique cloud services.

Cloud Forensics for Google Workspace and Microsoft Office 365

We support electronic discovery for civil litigators by collecting traditional digital documents and email evidence from your client or opposing party.  Carney Forensics collects the most popular corporate cloud providers including Google’s Workspace, formerly G Suite, and Microsoft’s Office 365, SharePoint, and Teams.  We also recover critical audit logs from Google Workspace and Microsoft Office 365.  Audit logs verify when and by whom documents were created, modified, and downloaded.  This critical information often lays the foundation for material cloud evidence upon which your case may turn in summary judgment motions and trials.


Cloud Forensics FAQs

What is Cloud Forensics?

According to NIST:
Cloud forensics is the application of digital forensics science in cloud computing environments.

Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence.

Organizationally, it involves interactions among cloud actors (i.e., cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations.

According to Darshik Jariwala:
Cloud Forensics is cross-discipline between Cloud Computing and Digital Forensics. Cloud Forensics is actually an application within Digital Forensics that oversees the crime committed over the cloud and investigates it. Cloud computing is based on a huge network, which spreads globally. Hence, Cloud Forensics is said to be a subset of Network Forensics. The basic technique remains as the forensic investigation of a network.

Can cloud accounts be collected for evidence from connected cell phones?

Generally, yes.  Even if the phone is damaged or lost, cloud examiners can collect large amounts of evidence, sometimes exceeding that which is available on the connected cell phone.  Cloud collection requires legal authority and proper authentication credentials to access the cloud evidence.

Are geolocation data and GPS coordinates stored in cloud accounts?

Yes. An Apple iCloud account, if connected to the iPhone, stores photographs and videos captured with its camera.  Those photos and videos usually contain embedded geolocation data in the form of GPS coordinates.  Also, iPhone app data is stored in the connected iCloud account and often includes GPS device locations.  Think about Apple Maps and other iPhone navigation apps.

Google accounts also store photographs, videos, and app data for connected Android smartphones.  Google Maps is a popular app with GPS coordinates.  But Google accounts support another avenue to harvest GPS data.  The Google Timeline for connected Android apps is stored in the cloud account and records the Google Location History for places the phone has visited for years.