The ticking time bomb known as cloud forensics

We must address the issue of when and how your cloud data can be seized by police and government agents

We've seen the news reports with carloads of FBI agents, windbreakers and all, rushing into a business to seize paper records and servers. The evidence is analyzed later to prove a crime using computer forensics. However, the more likely use of computer forensics will be requirements around lawsuits: accounting records, emails, transaction data, and so on, all used to tell a story that will benefit either the plaintiff or the defense.

The problem comes when we move data to the public clouds. How do we deal with legal issues, such as lawsuits and law enforcement? For the most part, organizations moving to the cloud have not even considered this issue.

[ Hands-on review: 8 IaaS public cloud services put to the test| For the full scoop on the state of the cloud in the enterprise, check out InfoWorld's Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

Indeed, according to Network World, "Any business that anticipates using cloud-based services should be asking the question: What can my cloud provider do for me in terms of providing digital forensics data in the event of any legal dispute, civil or criminal case, cyber attack, or data breach?"

The reality is that each cloud provider takes a different approach to cloud forensics. Although some have polices and procedures around warrants showing up at the data center door, including data retention policies, other cloud providers have not yet begun to think through this issue.

The technology issues they need to consider include how to hand over just the data required, what to do if there is missing data, and how to deal with encryption. Moreover, what if the cloud provider is in a foreign country and not subject to U.S. laws? You've heard of offshore accounts to avoid legal issues; perhaps we'll hear of offshore clouds as well.

Some of these issues are being considered in the Cloud Forensics Working Group at the National Institute of Standards and Technology (NIST). It is looking at the requirements around cloud forensics, and it'll make suggestions regarding best practices.

I suspect we'll really begin to understand this issue after a few well-publicized court cases where data in the cloud turned out to be the smoking gun or, in some instances, where cloud providers either lost the data or were incapable of producing it on demand. No matter what, the issue will make for interesting legal discussions.

This article, "The ticking time bomb known as cloud forensics," originally appeared at Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at For the latest business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.