Leveraging Cloud Computing Provision To Solve Problems In Digital Forensics

My years as a customer – working with MSAB to develop an effective ecosystem, and latterly as a senior consultant within MSAB, helping customers develop their own ecosystem solutions, has led me to explore facets of cloud computing.  Up until the last couple of years, ‘Cloud’ has been reluctantly handled by much of law enforcement, and generally shunned.  Only now are we really seeing a major cultural shift in adopting new and cost-effective techniques to re-address best practice. Although I personally have more familiarity using Amazon Web Services (AWS) as a service provider, the thoughts here are not intended as an endorsement of any one particular company. Here are some of the ways in which I have seen MSAB’s customers use ‘Cloud’ features to re-think their approach to acquiring and providing evidence from the ground up.

1. Scalable, economical, fast computing.

Rather than accepting the vast capital expenditure incurred in setting up a lab and the administrative backbone this requires, and the time taken to spec, order and build servers and networks on-premises, cloud provisions allow digital forensic managers to think on their feet, get up and running quickly, and pay for only what they use. The scalable nature of ‘elastic’ computer servers means that practitioners can afford to experiment with their setups, and either scale them up or down by increasing or reducing server specification or scale them in and out by adding or removing more computers performing the same task.

As an example, rather than spending months specifying and arranging a network and server to connect front-line forensic solutions like MSAB’s Kiosk to XEC Director, MSAB can assist and provide a cloud instance with secure networking, meaning that your kiosk deployment could be up and running within a day.

Equally, using features such as Workspaces to provide virtual desktops to your staff may be an easy way to roll out viewing and analysis tools such as XAMN.

2. Elastic storage

Performing any number of successful extractions on modern smartphones yields terabytes of data to be stored and distributed. Adopting scalable cloud storage to house these extractions and their derived data would:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


  • Permit examiners to start work immediately.
  • Prevent instances of front-line units running out of storage because they are so popularly used.
  • Ensure that managers pay only for the amount of data they produce and make informed decisions about the volumes required.
  • Build in redundancy and resilience.
  • Leverage existing, documented security models.
  • Allow this data to be distributed quickly and effectively to the right analysts for investigation.
  • Recognize that not all data needs to be treated with the same availability, and provide an automated, cost-effective model to retain data which is not under active review but must be retained nevertheless.

3. Feed big analytical engines

MSAB recognizes that some of its customers use other data management tools and products to enable comparison and trend analysis across individual extractions. Feeding the source material to storage and computing in the cloud would allow these processor-intensive workloads to run as and when required, in a more cost-effective model than purchasing dedicated servers which are not always fully utilized. It would also remove the potentially scrappy nature of acquiring different extractions across different physical locations.

4. Feed acquired data into other useful tools

Once the data is held in elastic cloud storage, your organization may wish to make use of additional tools to handle the information.

Cloud providers include tools such as:

  • Media transcoding.
  • Audio-to-text transcription.
  • Analysis of static images for content, items, recognized faces and even conveyed emotions.
  • Analysis of videos for content.

All performed quickly on dedicated powerful machines, with the examiner and analyst paying only for what is used. Subject to lawful use and human checking, these measures could drastically enhance the focus of a human analyst and get the right information into the right hands in minutes rather than months.

A number of MSAB’s customers have actively approached us about using cloud solutions to solve their digital forensics problems, and the Professional Services team are happy to help by discussing use cases and producing demonstrations. MSAB have prepared production solutions in use by our customers on multiple continents. Equally, most of the cloud service providers employ their own teams dedicated to providing solutions for their Law Enforcement and Justice customers. Please reach out and ask if you feel you could benefit from a cloud-integrated approach!

MSAB author: Simon Crawley is a former Police Sergeant in the Metropolitan Police Service, with 10 years experience in Counter Terrorism intelligence gathering using digital forensic tools.  Simon designed, built and managed an effective and efficient MSAB Ecosystem in order to improve data collection, and he is now a senior consultant for MSAB.

Leave a Comment