Forensics in the cloud

Millnet has recently appointed Stuart Clarke as Head of Digital Forensics & Technical Services.  Before joining Millnet in June, Stuart was Principal Consultant at PA Consulting Group, an appointment which arose from PA’s takeover of information security consultancy, 7Safe, where he was Senior Consultant and Forensic Services Manager.

It is fair to say that Stuart is steeped in the business of digital forensics – he holds a first class honours degree in Computer Forensics from Northumbria University, where amongst other things he developed special expertise in detecting network attacks.

Subsequently, Stuart has been called as an expert witness and has had papers on identity theft published in Computer Weekly and City Security. At 7Safe, Stuart was involved in the development and delivery of a Masters Degree course in digital forensics and his interest in education and training in his subject is ongoing.

Clearly, this appointment signals Millnet’s intention to beef up its presence at the ‘front end’ of the electronic discovery/disclosure process, so we asked Stuart to give us his perspective on what lies ahead.

Why this new Millnet initiative?

SC:  In the recent past Millnet outsourced most of its digital forensics, though in the process of advising clients on data collection and analysis we built up a good deal of in-house expertise.

Bringing this front end activity in house is both recognition of the growth in demand per se, and of the growing importance of digital forensics to Millnet’s total e-discovery offering. This gives the forensics aspect more focus, and allows us greater flexibility in terms of the e-discovery solutions we can offer.

What do you think is the biggest challenge in digital forensics today?

SC:  Without a doubt, it’s the growing usage of computing ‘in the cloud’ – and from that, dealing with the plethora of mobile and other devices that can connect to the cloud.

So the initial phase of discovery now has to extend beyond a firm’s formal IT infrastructure?

SC: That’s right. These days we have to look into the cloud, in places that are beyond the normal remit and control of IT departments. This space includes social networks like Facebook, LinkedIn, Twitter and file hosting or sharing platforms like Dropbox, Google Docs, SkyDrive and the rest.

There are the serious and often unresolved issues around who owns this ‘enterprise social data’ – the individual or his/her employer? The global reach of social media can give rise to jurisdictional issues too – whose law is cloud data subject to?

So our challenge is how to ‘break down’ this new media for discovery when the need arises. Not surprisingly, legal interpretation and practice lags well behind the cloud and we are usually operating at the leading edge in both the technology and in its application.

Then, there are the obvious practical issues dealing with the multitude of ‘smart’ devices (iPads, Android tablets, smart phones and so on) that can connect to the cloud. This requires a whole new body of expertise.

The story so far, is that digital forensics has been an ‘after the event’ action when things have gone wrong as has been the case with many of the litigation matters that Millnet is asked to advise on. But we know from our own efforts to implement ISO 27001 that there’s also a need to reassess the organisation’s security policies and preventive measures – this exercise can be particularly challenging in the light of the explosion of cloud apps and social media.

Does digital forensics have anything to contribute ‘before the event’ ?

SC: Viewed from opposite perspective, there’s a drive to consider the twin issues of governance and readiness. The challenge for the enterprise is how to control/manage cloud apps, mobile device and social network usage in a sensible way that ensures that sensitive data is as secure as possible and at the same time be ready to deal with the consequences, should things turn out otherwise.

Looking ahead, we will continue to develop solutions for breaking down data held within the cloud and mobile devices and we’ll use this as part of the discovery process. And we will be doing a lot more education – we are planning a digital forensics roadshow and we now have the capacity to offer scheduled and bespoke training on digital forensics.

Thanks for this quick round up, Stuart. I’m sure we will be returning to this subject fairly often in the coming weeks and months!

Profile:  Stuart Clarke on LinkedIn
Millnet website: Digital forensics service
Press Release: Millnet appointment anticipates digital forensics ‘in the cloud’