Top 5 Reasons Why You Should Include Cloud Data Sources Into Your E-Discovery Investigations
- Authenticity and Integrity: Forensic preservation safeguards electronic evidence, maintaining the original state of user interactions and ensuring data authenticity and integrity.
- Legal Compliance: By meticulously preserving user accounts, organizations adhere to legal mandates, promoting transparency and maintaining accountability throughout e-discovery investigations.
- Insightful Analysis: Preserved user accounts provide a comprehensive record of behaviors, communications, and transactions, enabling the extraction of valuable insights and the identification of critical patterns.
- Evidentiary Weight: Establishing a credible chain of custody through forensic preservation enhances the evidentiary value of digital data, bolstering its significance in legal proceedings.
- Comprehensive Exploration: Forensic preservation empowers investigators to navigate the complexities of cloud-based platforms, facilitating a thorough and accurate exploration of information for informed decision-making.

The Cloud Sites We Support And The Types Of Data That Can Be Searched And Extracted

AWS S3
- Bucket and object metadata: Metadata about the buckets and objects stored in the S3 account, including information such as creation and modification dates, permissions, and encryption status.
- Access logs: S3 provides access logs that show a record of all requests made to the user's buckets and objects, including metadata such as the date and time of the request, requester's IP address, and details about the requested resource.
- CloudTrail logs: CloudTrail logs can provide a record of all activity in the AWS account, including changes to S3 resources, metadata about the changes, and the AWS Identity and Access Management (IAM) user who made the change.
- Server logs: S3 server logs contain information about the requests made to S3 buckets and objects, including metadata such as the date and time of the request, IP address of the requester, and details about the requested resource.
- Bucket and object ACLs: Access Control Lists (ACLs) define the permissions for buckets and objects in the S3 account, and can provide insight into who has access to the data stored in the account.
- Encryption keys: If the user has enabled server-side encryption for their S3 data, forensic examiners may be able to recover the encryption keys used to protect the data.

Microsoft Azure
- Virtual machines: Information about the virtual machines created in the Azure account, including metadata such as virtual machine names, creation and modification dates, and disk images.
- Storage accounts: Information about the storage accounts created in the Azure account, including metadata such as account names, creation and modification dates, and storage containers.
- Azure SQL databases: Information about the SQL databases created in the Azure account, including metadata such as database names, creation and modification dates, and server names.
- Network traffic: Network traffic logs can provide information about the user's network activity, including IP addresses, ports, and protocols used.
- Audit logs: Azure provides audit logs that show a record of all user activity in the account, including metadata such as the date and time of the activity, user ID, activity type, IP address, and details about the resource involved.
- Security Center data: The Azure Security Center provides information about security events and vulnerabilities in the user's environment, including metadata such as the date and time of the event, severity level, and details about the affected resource.

OneDrive
- File metadata: Information about the files stored in the OneDrive account, including file names, creation and modification dates, file size, and file type.
- Access logs: OneDrive provides access logs that show a record of all user activity in the account, including metadata such as the date and time of the activity, user ID, activity type, IP address, and details about the file involved.
- Deleted files: OneDrive keeps a record of all files that have been deleted from the account, including metadata such as the file name, deletion date, and user ID.
- Shared files: OneDrive allows users to share files with other users, and forensic analysis can reveal information about the files shared, including metadata such as the file name, user ID, and date and time of the share.
- Version history: OneDrive allows users to store multiple versions of a file, and forensic analysis can reveal information about the different versions of a file, including metadata such as the version number, date and time of the version, and user ID.
- Sync data: OneDrive can be configured to automatically sync files to local devices, and forensic analysis can reveal information about the sync activity, including metadata such as the date and time of the sync, user ID, and details about the files involved.

SharePoint
- Site metadata: Information about the SharePoint sites that the user has access to, including site names, creation and modification dates, and site owners.
- User activity logs: SharePoint provides activity logs that show a record of all user activity in the account, including metadata such as the date and time of the activity, user ID, activity type, and details about the item involved.
- Document metadata: Information about the documents stored in the SharePoint account, including document names, creation and modification dates, document type, and document size.
- Deleted documents: SharePoint keeps a record of all documents that have been deleted from the account, including metadata such as the document name, deletion date, and user ID.
- Access permissions: SharePoint allows users to grant access permissions to other users, and forensic analysis can reveal information about the access permissions, including metadata such as the user ID, access level, and date and time of the permission grant.
- Version history: SharePoint allows users to store multiple versions of a document, and forensic analysis can reveal information about the different versions of a document, including metadata such as the version number, date and time of the version, and user ID.
- Site settings: SharePoint site settings contain information about the site's configuration, including metadata such as the site name, site owner, and site permissions.

Dropbox
- Login and access logs: Dropbox logs all login attempts and access to files. These logs can reveal the IP address, time, and type of access (e.g., read, write, delete) for each login or access event.
- File metadata: File metadata in Dropbox can reveal information about when a file was created, last modified, and who modified it. This information can be used to determine if any unauthorized access or changes were made to files.
- Deleted files: Dropbox stores deleted files in a hidden trash folder for 30 days. Forensic analysis of this folder can recover deleted files and determine if any malicious activity occurred.
- File contents: Forensic analysis of the contents of files stored in Dropbox can reveal information about user activities, such as email addresses, passwords, and other sensitive data.
- Shared links: Dropbox allows users to share files via shared links. Forensic analysis of shared links can reveal who accessed the files, when they accessed them, and what actions they performed on the files.
- Third-party applications: Dropbox allows third-party applications to access user data. Forensic analysis can reveal which third-party applications were granted access, what data they accessed, and when they accessed it.

Google
- Gmail: Email messages sent and received through the user's Gmail account, including metadata such as sender and recipient addresses, message content, and dates and times.
- Google Drive: Files and folders stored on Google Drive, including metadata such as file names, creation and modification dates, and file sizes.
- Google Calendar: Calendar data synced with Google Calendar, including metadata such as event details, dates, and times.
- Google Contacts: Contact data synced with Google Contacts, including metadata such as contact names, phone numbers, email addresses, and other details.
- Google Maps: Location data, search history, and other activity data collected by Google Maps, including metadata such as dates and times of activity.
- Google Photos: Photos and videos stored in Google Photos, including metadata such as dates and locations of capture.
- Google Voice: Call logs, voicemails, and text messages sent and received through Google Voice, including metadata such as caller and recipient phone numbers and dates and times of activity.
- Google Search: Search history and other activity data collected by Google Search, including metadata such as search terms, dates and times of activity, and IP addresses.
- Google Analytics: Website usage and other activity data collected by Google Analytics, including metadata such as dates and times of activity, IP addresses, and other information about the user's browsing behavior.

Mega
- File uploads and downloads: Mega allows users to upload and download files to and from their accounts, and logs these activities. Forensic analysis of file upload and download data can reveal a user's file-sharing activities, including the types of files shared and potentially sensitive information.
- File metadata: Mega files contain metadata, such as file names, sizes, and creation/modification dates. Forensic analysis of file metadata can reveal information about a user's file usage patterns and potentially identify other users who have shared or accessed the files.
- Contact information: Mega users can create and manage contacts within the app, which can be analyzed to identify potential witnesses or accomplices.
- Account creation and login history: Mega logs all account creation and login attempts, which can reveal information about a user's account usage patterns and potentially identify other users who have accessed the account.
- Encryption keys: Mega encrypts user files using end-to-end encryption and user-controlled encryption keys. Forensic analysis of encryption keys can potentially reveal valuable information about a user's file sharing activities and any sensitive information contained within the files.

Teams
- Communication history: Microsoft Teams logs all communications made by the user, including chat messages, audio and video calls, and file sharing activities. Forensic analysis of communication history data can reveal valuable insights into user activities, including discussions about sensitive topics and interactions with other users.
- Meeting history: Microsoft Teams logs all meetings attended by the user, including meeting titles, start and end times, and other metadata. Forensic analysis of meeting history data can reveal information about a user's work schedule, meeting attendance patterns, and potentially sensitive information discussed during meetings.
- User profile information: Microsoft Teams user profiles contain a range of information, including name, email address, and profile picture. This information can be used to build a profile of the user and potentially identify them.
- Channel and group information: Microsoft Teams allows users to create and join channels and groups, which can contain valuable information about user activities and potentially sensitive information discussed within the channel or group.
- Device information: Microsoft Teams logs information about the devices used to access the account, including device types, operating systems, and IP addresses. Forensic analysis of device information data can reveal information about a user's work environment and potentially identify other users who have accessed the account.
- Access logs: Microsoft Teams logs all login attempts and access to user accounts. These logs can reveal the IP address, time, and type of access (e.g., login, logout) for each event.

iCloud
- Device backups: Full or partial backups of the user's iOS or macOS devices, including data such as contacts, messages, call logs, photos, videos, and app data.
- iCloud Drive: Files and folders stored on iCloud Drive, including metadata such as file names, creation and modification dates, and file sizes.
- Photos and videos: Photos and videos stored in iCloud Photos, including metadata such as dates and locations of capture.
- Contacts and calendars: Contact and calendar data synced with iCloud, including metadata such as contact names, phone numbers, email addresses, and event details.
- Notes: Notes stored in the user's iCloud account, including metadata such as the note content, creation and modification dates, and tags.
- Mail: Email messages sent and received through the user's iCloud email account, including metadata such as sender and recipient addresses, message content, and dates and times.
- App data: Data stored in iCloud by third-party apps, including metadata such as app names, file names, and creation and modification dates.
- iCloud Keychain: Stored usernames, passwords, and other sensitive data synced across the user's devices.