Applying Cloud and Mobile Device Forensics

23rd Sep 2019 Information Systems



Data Acquisition from Tablet, Smart Phone and GPS Mobile Devices

To assess the validity of a complaint on the Technology Inc. tip line, there are some initial steps to be taken by Sam, the Regulations and Compliance Officer for the company. Gathering basic information such as the name of the delivery driver in question, a listing of the company assets assigned to him, his scheduled delivery times and locations, along with any other subsequent employee data (i.e. other complaints, scheduled work hours) would be helpful to understand who the subject in question is. Additionally (although the caller was anonymous), if possible, it is important to get similar information from the caller as well such as their name and contact information (if willing to provide) and more importantly what suspicions led them to report the specified complaint. Upon the validation of the information provided by the caller, Sam should provide this information to a forensic investigator.

The driver has been given company-issued devices and transportation, which are used to carry out his duties. All drivers are issued a cell phone, a tablet and a delivery van equipped with GPS to assist them in locating their delivery locations along routes. Whether these devices are returned each day at the close of business or go home with the employees determines the course of action for evidence collection. If devices are returned to the office daily, physical, manual and logical acquisition are all available methods to extract the necessary data. Physical and manual data retrieval methods require actual interaction with the device itself and are useful for obtaining data from the device or its physical storage (Barmpatsalou, Damopoulos, Kambourakis & Katos, 2013). These methods have proven to provide more substantial evidence to support claims.

Assuming drivers are indeed allowed to keep their mobile devices with them, and because the preliminary efforts of this investigation are to remain confidential, the forensic investigator should consider logical acquisition methods first and move to physical/manual acquisition only if that becomes necessary. Logical acquisition “retrieves a bitwise copy of entities such as files and directories that reside inside a logical storage means” and is efficient in the recovery of user data such as call logs, SMS text messages, contact information and “user deleted” data, which appears deleted to the user but is actually still available via file system access (Barmpatsalou, Damopoulos, Kambourakis & Katos, 2013).

Data Acquisition Methods

It is known for certain that Technology Inc. provides its delivery drivers with at least two mobile devices and a delivery truck to assist in their day-to-day duties. These devices can, and most likely will, be used to substantiate the claims and complaints against the driver. However, it is important that the forensic investigator fully understands the laws and implications regarding data collection before starting any investigation. In the book Computer Forensics JumpStart, authors Solomon, Rudolph, Tittel, Barrett & Broom (2011) discuss the Federal guidelines in place for searching and seizing computers. Searches are permissible under the principle that there is either a non-investigatory work-related interference or an investigatory search for evidence of a suspected employee. This is very likely the case in the United States; however, it is wise to know the equivalent workplace search and seizure guidelines in Malaysia, where the Technology Inc. delivery driver in question is located.

Based on the preliminary information the investigator is able to obtain on their own, further detailed records may be required that can only be obtained from cell carriers, ISPs and data providers. Different providers respond to court-ordered documents and subpoenas in different manners, so depending on how the carrier responds to subpoenas, it can be a tedious task for an investigator to gather the necessary data and information in a timely manner for the sake of building a case. Personnel with legal and compliance skills should be in place to adhere to law enforcement requests. Service providers and carriers usually have knowledgeable teams ready to respond to law enforcement requests (Miller, 2008).

In a journal article, Christa Miller (2008) discusses how tower data allows carriers to keep track of specifics such as call date/time, length, inbound/outbound direction, tower location, etc., which would be quite helpful in determining logistics in the case of the delivery driver. A visualization of the cell towers that were pinged from the delivery driver's company cell phone can distinguish the routes traveled and whether or not they were for delivery purposes. Additionally, since tablets use cellular data in addition to internet and WiFi, the phone carrier and ISP to which Technology Inc. subscribes should be able to provide further details from the tablet.
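The comparison of tower records against the delivery schedule described above can be sketched as follows. This is an added example, not part of the original essay: the record layout, the coordinates, the schedule and the 5 km tower radius are all constructed assumptions.

```python
import csv, io, math
from datetime import datetime

# Constructed carrier records using the fields Miller lists (date/time,
# direction, length, tower location). Not real data.
CDR_CSV = """timestamp,direction,duration_s,tower_lat,tower_lon
2019-09-02T09:05:00,outbound,120,3.1390,101.6869
2019-09-02T10:40:00,inbound,45,3.0738,101.5183
2019-09-02T13:15:00,outbound,600,3.4213,101.7936
2019-09-02T20:10:00,outbound,300,3.1390,101.6869
"""
# Constructed schedule: (window start, window end, stop latitude, stop longitude)
SCHEDULE = [
    ("2019-09-02T08:30:00", "2019-09-02T09:30:00", 3.1412, 101.6865),
    ("2019-09-02T10:00:00", "2019-09-02T11:00:00", 3.0733, 101.5185),
    ("2019-09-02T13:00:00", "2019-09-02T14:00:00", 3.1579, 101.7123),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_off_route(cdr_csv=CDR_CSV, schedule=SCHEDULE, radius_km=5.0):
    """Return (timestamp, reason, distance_km) for records needing review.

    radius_km is an assumed tower coverage radius; a tower only places the
    handset within its coverage area, not at an exact point.
    """
    windows = [(datetime.fromisoformat(s), datetime.fromisoformat(e), lat, lon)
               for s, e, lat, lon in schedule]
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_csv)):
        ts = datetime.fromisoformat(row["timestamp"])
        stop = next((w for w in windows if w[0] <= ts <= w[1]), None)
        if stop is None:
            # Activity with no delivery scheduled at that time.
            flagged.append((row["timestamp"], "outside scheduled windows", None))
            continue
        dist = haversine_km(float(row["tower_lat"]), float(row["tower_lon"]), stop[2], stop[3])
        if dist > radius_km:
            flagged.append((row["timestamp"], "tower far from scheduled stop", round(dist, 1)))
    return flagged

if __name__ == "__main__":
    for item in flag_off_route():
        print(item)
```

A flagged record is a lead for the investigator to corroborate with other evidence, since a call outside a delivery window or a distant tower can have ordinary explanations.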

Possible Legal and Court Involvement

If the allegations against the delivery driver are serious enough, Technology Inc. can decide to proceed with a full-on investigation and prosecute in court. This would mean cooperation between the company, law enforcement and forensic investigator is required to ensure all necessary means are available to supplement the scope and intricacy of a search beyond what was retrieved in the logical acquisition. If this investigation were to proceed into court, the forensic investigator can help with the presentation of obtained data in court, in addition to knowledge of the compliance of legal rules for witnesses.

All evidence is to be properly accessed following best practices to ensure the evidence retains its quality and integrity. A good investigative framework should incorporate guidelines on examination, planning, execution, monitoring, recording and reporting of all collected evidence (Solomon, Rudolph, Tittel, Barrett & Broom, 2011). Most times, internal investigations suffice; however, since this incident involves gambling money, this may be criminal activity to be further investigated by legal authority.

Cloud Storage Impact on Mobile Device Forensics

When identifying, collecting and preserving data retrieved from the cloud, investigators can run into challenges such as multi-tenancy, virtualization, scalability and jurisdiction, amongst other things. These challenges can cause difficulty during real-time data retrieval and monitoring. Similar to cellular service carriers, cloud service providers (CSPs) require the necessary legal documents before they will release their users' private data. Depending on the timing of obtaining proper documentation, even in this case where an overseas location is involved, forensic investigators may run into timestamp issues, especially if the cloud provider has multiple cloud environments in multiple locations. Additionally, because we know that the driver uses the cloud storage to back up both his personal and professional data, it is wise to understand the privacy laws and regulations that apply not only to the CSP, but also in Malaysia.
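The timestamp issue mentioned above can be illustrated with a short added example that is not part of the original essay. It assumes each source logs wall-clock time in its own fixed UTC offset; the source names, offsets and records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed fixed UTC offsets (hours) per evidence source. Malaysia is UTC+8
# with no daylight saving; the two CSP regions are hypothetical.
SOURCE_OFFSET_HOURS = {"device-MY": 8, "csp-region-a": 0, "csp-region-b": -7}

# Constructed records: (source, local wall-clock timestamp, event)
RECORDS = [
    ("device-MY", "2019-09-02 21:30:10", "backup started on tablet"),
    ("csp-region-a", "2019-09-02 13:30:25", "upload session opened"),
    ("csp-region-b", "2019-09-02 06:31:02", "object replicated"),
    ("device-MY", "2019-09-02 21:32:40", "backup finished on tablet"),
]

def to_utc(source, local_ts):
    """Attach the source's offset to a naive timestamp and convert to UTC."""
    if source not in SOURCE_OFFSET_HOURS:
        # Refuse to guess: an unknown offset would silently corrupt the timeline.
        raise ValueError(f"no documented UTC offset for source {source!r}")
    tz = timezone(timedelta(hours=SOURCE_OFFSET_HOURS[source]))
    naive = datetime.strptime(local_ts, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

def naive_order(records=RECORDS):
    """Event order when local timestamps are sorted as written (misleading)."""
    return [event for _, _, event in sorted(records, key=lambda r: r[1])]

def unified_timeline(records=RECORDS):
    """Events as (utc_iso, source, event), ordered by true UTC time."""
    rows = [(to_utc(src, ts), src, event) for src, ts, event in records]
    return [(t.isoformat(), src, event) for t, src, event in sorted(rows)]

if __name__ == "__main__":
    print("Sorted by local time:", naive_order())
    for row in unified_timeline():
        print(row)
```

Sorted as written, the replication in region B appears to precede the backup that produced the object; after normalisation to UTC it follows the upload by under a minute.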


Upon receiving a tip or information regarding a possible crime committed by a Technology Inc. employee, Sam Miller should ensure the validation of the information provided by the caller and provide this information to a forensic investigator, who will begin the preliminary investigation. Before determining which data acquisition methods to employ, the investigator should become familiar with the laws and regulations regarding user data collection, especially since another geographical region is involved. Once the acquisition method and the type of data to retrieve have been determined, this will lead to an understanding of what further information is required and how it can be obtained (i.e. court order, subpoena) from cell providers, ISPs and CSPs. Service providers have their own ways of responding to requests for data, and the forensic investigator will need to understand the protocols in place since they can present challenges and impact an investigation.


  • Barmpatsalou, K., Damopoulos, D., Kambourakis, G., & Katos, V. (2013). A critical review of 7 years of Mobile Device Forensics. Digital Investigation, 10(4), 323-349.
  • Barsocchini, A. (2017). 3 Challenges to Data Collection in the Cloud [Blog]. Retrieved from
  • Khan, S., Ahmed, E., Shiraz, M., Gani, A., Wahid, A., & Aminu, M. (2014). Forensic Challenges in Mobile Cloud Computing. In I4CT 2014 – 1st International Conference on Computer, Communications, and Control Technology (pp. 345-346). Langkawi.
  • Miller, C. (2008). The other side of mobile forensics. Law Enforcement Technology, 35(7).
  • Solomon, M., Rudolph, K., Tittel, E., Barrett, D., & Broom, N. (2011). Computer Forensics JumpStart (2nd ed., pp. 50-53). Indianapolis: John Wiley & Sons.
