e-Discovery and the Cloud

Disclaimer

I am not an attorney I am an Information Assurance

practitioner This is meant to be information

related to the technical and policy issues of e-Discovery in a cloud environment and not solely the legal aspects

We will discuss some legal issues

Agenda

Challenges of Cloud e-Discovery Working Definition of Cloud

Computing Policy and Technical Issues

Plaintiff Respondent Proactive Steps Reactive Steps

Challenges

There is no one definition of Cloud Computing

Very Little Guidance Technical Best Practices Legal

Lack of Expertise Clients Legal Community Magistrates and Judges

Challenges

The nature of Cloud Computing International Scope Varying Laws

Rapidly Changing Technology and Services

No tangible assets Desktops and laptops may be what

are referred to as a “thin client”

Cloud Computing Definition

The term “Cloud” comes from the graphical icon used to represent the internet

Is a way for organizations to reduce costs through using resources outside their physical boundaries

Third parties provide the applications, infrastructure or platform for computing needs

Cloud Computing Definition

Separation of application and resources

Accessed through Internet or Intranet connections

Third Party Pools of computing, network, information, and storage resources

The ability to scale resources during peak and off peak times

Cloud Computing Definition

NIST Visual Model of Cloud Computing Definition

Cloud Computing Definition

Local Document Search

What can be found: E-Mails Documents (.pdf, .doc, .exl) Image files Deleted files System and Network Data Timelines

Local Document Search

EnCase Workstation

HDD Provided by Client

Cloud Computing

What information do Cloud Computing Providers have? Data: Client provided data

HR Records Sales Reports Archived Reports E-Mails Back-Ups

Cloud Computing

What information do Cloud Computing Providers have? Metadata: Data about client data

Creation information size tags upload dates and times IP addresses

Cloud Computing

Cloud Computing makes use of virtualization

Cloud Providers set up “Virtual Machines” that have the hardware and software components of a physical machine

Allows greater flexibility and scaling

Plaintiff

Proactive Steps: E-Discovery Provider Coordination

What forensic tools do they have? Knowledge: Vmware, Cloud Computing Policy Foundation

What metadata is possibly available Engaging e-Discovery Provider early will

give you access to information as well as questions to ask

Plaintiff: 26 (f)

Reactive (Case Received) Respondent Information

Service Level Agreement Do they have an inventory of what they

have pushed to the cloud Where is the data? What format? How much data?

Respondent

Proactive Steps Retention Policy Review Review of SLA for Legal Service Policy Where is the data?

Cloud Computing Provider

Provides data on easily readable format

In response to a request from the client

Often covered in a SLA Can be provided directly to e-

Discovery specialists

Cloud Computing Provider

EnCase Workstation

Compact Disk provided by

Cloud Computing Provider

9e107d9d372bb6826bd81d3542a419d6

9e107d9d372bb6826bd81d3542a419d6

Secure Connection

Cloud Document Search

Virtual Machines

e4d909c290d0fb1ca068ffaddf22cbd0

e4d909c290d0fb1ca068ffaddf22cbd0

Wrap Up

There are countless ways that Cloud based e-Discovery can be completed

Techniques can be utilized that are forensically sound

Much of the process is going to be dictated by the Cloud Computing provider

Wrap Up

For legal professionals: There is often information that you may

not know is available

There are technical issues that the provider may have

Engaging an e-Discovery provider early will give you valuable information to make decisions

Questions

Gerard Johansen, CISSPgjohansen#@sscintel.com

203.925.6185