Security Basics mailing list archives

Re: Cloud Forensics continued [Was - Re: Bruce Schneier on Google Apps...}


From: zach peerand <zpeerand () gmail com>
Date: Wed, 29 Jul 2009 15:45:30 -0700

This is a valid argument if it is a case that involves forensics; it
happens and is mostly associated with criminal charges as outlined.
E-discovery when dealing with civil cases normally does not end up
with forensic investigation of storage media; instead the common
practice is to make copies of live systems or take the backups from
live systems and process that data that has been handed off to the
lawyers when they ask for it. It is normally the defense side that
incurs the cost of e-discovery and they are motivated under the
Federal Rules of Civil Procedure to produce/provide all pertinent data
associated with the case. The failure to do so has led to fines
and/or judgments against the defense for failure to produce the data.
A lot of cases today deal with multiple terabytes of data and even the
idea of doing a full forensic analysis on this in a civil case is cost
prohibitive, so it is extremely rare that the original storage media is
handed over in a typical e-discovery case. But I would say that the
copy that is made of the data is treated as evidence and sound
forensic procedures are followed to extract the data off the media to
ensure it is not altered in the process. So from the perspective of the
average e-discovery case, the source of the data, be it a local server,
a server hosted in a data center or something in a cloud somewhere, as
long as the data was accessible and can be exported/copied along with
associated metadata, it does not matter the source location.

E-discovery and even forensic analysis of data under a criminal
investigation is a much different concern than security of the data
when thinking of the cloud and data storage. They all need to be
thought about, but each needs to be considered separately on a
case-by-case basis.

Now these are just my observations working at an e-discovery provider
and, as always when it comes to legal matters, your mileage may vary and
you should always consult with a lawyer first.

-Zach Peerand

On Wed, Jul 29, 2009 at 14:07, Ali, Saqib <docbook.xml () gmail com> wrote:

Fed on stand: "No we weren't allowed to check states or make bit copies..."

Firstly, Google or any other SaaS provider operate under exactly the
same laws that you do.

You make valid arguments. But I suppose the same arguments were made
when the world moved from paper-based memos to email for official use.
The memos were filed in a locked filing cabinet. And any type of
tampering was fairly evident. But once we moved to electronic mail, there
was no locked metal filing cabinet. Everything resided on a user's PC,
which could be infested with malware and rootkits. How do you know
that some rootkit was not modifying or deleting the user's emails? The
rules of investigation and evidence collection changed with the
introduction of email, and the same will happen when we move to the cloud
for email. Things change.

Just my $0.02

Saqib
