If a considerable proportion of your business operations are conducted via computer, it is likely that you use a range of software, such as a word processor, email client, accounting package and client relationship management tool.
For every piece of software in an office there is usually a purchase cost involved, as well as further costs and man hours associated with repairing, updating and upgrading the software as and when necessary. ‘Cloud computing’ addresses this issue by moving away from ‘software’ applications installed on the client’s computer and instead offering access to the applications via the internet.
With cloud computing, the application is hosted on a central server, which means that updates and maintenance can be carried out by the provider, and the costs spread between all the users in the form of a subscription fee. Since there could be hundreds, thousands or even millions of subscribers, it is possible for the application to be offered with no user-end maintenance required at a comparatively low cost.
A recent survey by software testing firm AppLabs found that 30% of companies in the Forbes Global 2000 were already using cloud applications, with a further 20% planning to move to cloud computing in the next 12 months. As increasing numbers of businesses move their operations into the cloud, computer crime investigators are presented with new benefits, but also problems.
Computer forensic investigations involve the scientific analysis of computer equipment to recover legally admissible evidence. In an instance where the security of a firm’s digital data has been compromised, computer forensics experts might be called in to analyse each computer terminal involved for evidence, the first stage of which is to carefully replicate the contents of each drive exactly so that original evidence cannot be contaminated.
This process can be very time consuming but if the information is all stored within the cloud, then a simple click of the mouse could potentially produce an exact image of the current state of the firm’s data, allowing the investigation to progress much more quickly.
However, there is also a downside to cloud computing. If an application is accessed via the cloud, registry entries (which record user activity) and other useful artefacts such as temporary files, will be stored within the virtual environment and so lost when the user exits, making evidence traditionally stored on the hard drive potentially unrecoverable.
In response to this, some commentators have suggested that the information could be provided by the application vendor on request from law enforcement officials, but this too poses problems. The recovery of computer-based evidence in the UK must follow a strict, auditable procedure as laid out by the Association of Chief Police Officers, so it may be that information extracted by non-experts could be unintentionally contaminated and thus rendered inadmissible in a court of law.
In addition, while the confiscation of physical computer equipment following an arrest is relatively straightforward, the legal process required to gain access to private data held online is more complicated, so this could put a delay on investigations where the recovery of evidence is typically time critical.
At present, there is no foolproof, universal method for extracting evidence in an admissible fashion from cloud-based applications, and in some cases, very little evidence is available to extract. As such, cloud computing represents just one of the fast-paced technological developments that is presenting an ongoing challenge to legislators, law enforcement officials and computer forensic analysts.