In recent years, according to NIST, more varied sources of data have become important, including the cloud.
As cloud adoption continues to grow, understanding and advancing cloud forensics practices is essential for investigators who face more challenges in retrieving and analyzing data stored remotely. And with the majority of apps now being cloud-based, the ability to leverage better cloud forensics is increasingly critical for law enforcement and corporate incident investigations.
The challenges cloud forensics presents to investigations are unique when compared to traditional digital forensics, but not insurmountable ... with the right solutions.
Since 2014, Oxygen Forensic® Detective has taken the lead in bringing the first cloud extraction tool – Cloud Extractor – to the forensic industry and has continued to add innovative capabilities as the cloud has evolved.
Cloud service provider access and control limitations
Because cloud service providers typically control the data, investigators can encounter limited access to data, logs, and other artifacts relevant to their investigation. As a result, investigations often depend on the cooperation and responsiveness of a service provider.
Our solution: Extracting from more cloud services than any other tool
Oxygen Forensic® Detective extracts data from over 100 cloud services including social media platforms, messaging apps, and storage services. Investigators can gain access to popular cloud services like WhatsApp, Telegram, iCloud, Google, Samsung, Microsoft, Facebook, Instagram, Twitter, Box, Dropbox, and Bitcasa.
Customer Story
“The best part of Oxygen Forensics is its cloud support. Cloud forensics is very important for any law enforcement agency. People across India love this feature, as well as multiple features that are very unique to Oxygen Forensic® Detective.”
– Niraj Kumar, 3rd Eye Techno Solution Pvt. Ltd.
Encryption and data fragmentation
Data stored in the cloud is often encrypted and fragmented among different storage systems, forcing investigators to reassemble data for thorough analysis. When passwords are unavailable or encrypted, obtaining the necessary credentials or permission to access cloud data can be a challenge.
Our solution: Extract and use authentication tokens
One of the standout features of Cloud Extractor is the ability to extract and use authentication tokens or credentials from mobile devices to access cloud accounts. This is particularly useful when direct access credentials are unavailable, allowing investigators to retrieve data without requiring the user’s password.
These tokens can then be used to bypass certain layers of encryption and access cloud services without needing the user’s direct login credentials. As a result, investigators can retrieve encrypted data from cloud storage as well as from mobile devices and Windows, macOS, and Linux computers.
Slow data extraction and processing
Speed and time to results are critical in cloud forensics, too. Slow extraction and processing of data from the cloud can push back case and client deadlines, wasting investigation time and resources.
Our solution: Superior speed to results
Our customers have shared their findings – 5-to-10 times faster processing with Oxygen Forensic® Detective – that add up to dramatically improved efficiency even with larger cloud data volumes.
Oxygen Forensic® Detective can ingest 24 types of data including mobile phone, computer, and the widest range of cloud data and services in the industry, including email, automobile, drone, fitness apps, and much more.
Customer Story
“We use a variety of tools for collection – and in our case, we first started using Oxygen because of its cloud extraction capabilities – but it didn’t take long for us to notice that if we load a variety of collected data into two tools, one being Oxygen and the other being literally any other tool we have, Oxygen routinely processes the data, provides it to us in a reviewable form and then exports the end result before other tools have even finished processing the data for us to begin looking at it.”
– customer interviewed at a recent industry event
Large, bulky volumes of cloud data
Simply extracting data from cloud environments is no longer enough. Extracting large datasets adds to the time required to sort and identify data, while straining limited resources and storage. As a result, more investigators are turning to targeted cloud extraction to streamline investigations and reduce backlogs.
Our solution: Efficient targeted cloud extraction
Investigators can use targeted cloud extraction techniques to extract data from cloud-based applications, such as email platforms, collaboration tools, or productivity suites, to gather evidence related to user activities, communications, and file sharing, to name a few.
Examples of how targeted cloud extraction benefits the collection of data include processes such as analyzing file metadata, storage snapshots, and versioning histories to recover relevant evidence and reconstruct the data at different points in time. In these and other collection profiles, targeted cloud extraction can empower investigators with better focus that translates to more efficient investigations.
Data parsing and analysis
Cloud data can be highly transient, with instances being created, modified, and deleted rapidly. The vast volume of data extracted from cloud services — often in different formats — can be a challenge to parse and analyze efficiently.
Our solution: Industry-best tools
Once data is extracted from the cloud, Oxygen Forensic® Detective provides robust tools for parsing and analyzing the data. This includes the ability to visualize data in timelines, maps, and other formats that make it easier to identify patterns and relationships within the data.