Leveraging the cloud to uplevel your digital forensics practice
Agencies can clear their case backlogs and better manage their workflows with a secure, scaled cloud solution
By Detective Sergeant Christopher Collins
In modern digital forensic laboratories, the intake of devices as evidence to be processed and the evolution of technology in consumer-grade electronics are table stakes. This increasing volume of digital evidence calls for secure storage. As traditional offsite storage options pose a physical and cybersecurity risk, as well as a financial burden, cloud-based solutions have emerged as a cheaper and safer option for agencies.
Law enforcement can utilize cloud solutions through services that allow a Cloud Service Provider (CSP) to rent their computers or servers for a range of tasks such as storage space and computing. Renting gives agencies access to powerful computers at a fraction of the cost of purchasing the same system. But there are several factors law enforcement agencies need to consider when exploring this new option.
Considerations for getting started with cloud storage
On the surface, it is relatively easy to obtain cloud storage, but there are restrictions to consider when discussing the storage of law enforcement case data in the cloud. There are multiple different federal and state regulations that must be considered, including the FBI’s CJIS Security Policy, NIST publications and FIPS to name a few. Selecting a CSP that meets or exceeds these requirements so that they may do business with the federal government is critical.
Amazon Web Services (AWS) Gov Cloud can be used for sensitive data storage and can be obtained through AWS’ Partner program. AWS also partners with technology providers, such as Cellebrite, for seamless use with evidence management and storage programs through Cellebrite Guardian.
Microsoft’s Azure cloud platform also offers Azure for Government which provides a safe and secure storage medium for sensitive information. Among Azure’s partners is CloudFit, which recently established a total solution for the Southern Virginia Internet Crimes Against Children Task Force (SOVA ICAC). SOVA ICAC suffered a critical local storage server failure that resulted in several years of case data and evidence being lost. CloudFit stepped up and developed an extremely secure service for SOVA ICAC to use Microsoft’s Azure Government Cloud for hot storage that can be retrieved on demand, and cold storage that is archived in a secure environment to which hot storage is constantly backed up for redundancy and data security.
When comparing local storage to the cloud, departments must also account for different costs associated with local storage options. The implementation of the local storage and maintenance costs can become a hindrance. If a department does not have an IT staff to set up the local storage server that job often falls on an employee of the department as an “extra duty” or an exaggerated cost of hiring a contractor.
Over time local storage options will need maintenance such as drive and computer replacements, and depending on the task it can unravel into a large-scale job. Utilizing certain local storage options can be prohibitive, such as in the event of a storage server needing to have a drive replaced or storage expansion which requires that the server be taken offline and reconfiguration of all drives.
Cloud solutions have become paramount to the success of law enforcement agencies, saving investigators valuable time without constantly battling to safely store and manage data. As digital forensics becomes more integral to investigations, agencies can clear their case backlogs and better manage their workflows with a secure, scaled cloud solution that best supports their investigators, ultimately yielding safer public communities.
The future of digital forensics
Technology is constantly evolving in consumer-grade electronics, from the 1-terabyte Apple iPhone to 100-terabyte solid-state computer hard drives, and the need to store digital evidence is increasing. If agencies continue to use hard drives as their data storage method, they will be exposed to the inherent risk of data degrading over time and the chain of custody being called into question.
Cloud solutions provide a storage medium that is managed by a validated third party, including through audits and access logs to maintain the chain of custody, and have robust cybersecurity standards in place to ensure data integrity. There is no question “if” the cloud is the future of law enforcement digital evidence storage, only when will your agency invest in the future or fall behind.
About the author
Christopher Collins is a seasoned law enforcement professional whose work focuses on finding justice for the voiceless children who fall victim to predators. He is passionate about curbing the rise of violent crimes through digital forensics and criminal investigations. Christopher has a robust background in mobile device forensics and cloud-based services for digital forensics and also serves as an adjunct instructor for the Law Enforcement Academy.