Getting Started with Digital Forensic Cloud Enclaves
Most Digital Forensic Labs (DFLs) leave a lot to be desired when compared to current commonplace technologies. A few short years ago, cutting-edge commercial entities were embarking on their journey to the cloud, culminating in what we see today: advanced artificial intelligence providing never-seen-before capabilities. Even local small businesses have migrated their websites to cloud services and are taking advantage of AI technologies. However, most DFLs remain 100% on premises, using air-gapped hardware to conduct critical digital forensic criminal investigations.
DFLs and forensic examiners understand the critical and sensitive nature of the evidence they deal with, from homicides and robberies to sexual assault and child exploitation. Most DFLs that I speak with share a common architecture to maintain security of this sensitive evidence — a single physical location containing all digital evidence on an air-gapped disconnected network. Some of these DFLs have onsite backups, but these backups are typically expensive, unreliable or both.
Keeping your DFL air-gapped in your own building provides a good cybersecurity posture, but an extremely poor redundancy or disaster recovery posture. A single event can wipe out decades of case data. One DFL in particular suffered two separate disasters: a fire suppression system failure and a storage server data corruption event. The fire suppression system failure caused catastrophic damage to the building with thousands of gallons of water.
Fortunately, the storage server rack was spared from the flood, but only by a few feet. Although the rack escaped the flood, a data corruption event caused by a misconfiguration during initial setup eventually resulted in massive permanent data loss, followed by expensive data restoration attempts.
The decision for DFLs to remain on premises comes with significant risk to the continuity of operations of any lab. Fortunately, cloud services like Microsoft Azure provide the solution. Unfortunately, many DFLs don’t know where to start in their journey to the cloud.
CloudFit’s Digital Forensic Cloud Enclave Architecture
CloudFit taps into our employees’ experience in digital forensics, law enforcement, building secure cloud enclaves and providing ongoing cybersecurity, combining them into a hyper-scalable, secure Digital Forensic Cloud Enclave (DFCE) capable of addressing nearly any issue facing a DFL, such as:
- Archive Storage: Do you have a lengthy evidence and data retention policy on violent felonies or CSAM cases? Is your plan to keep up with evidence growth to simply keep purchasing storage devices? Cloud storage can provide unlimited secure storage in your Azure tenant, not a third party’s cloud service with unpredictable pricing and an unknown or unpublished security posture.
- Compute: Do you have a plan in place to handle a large influx of evidence? Do you have a forensic backlog? Your Azure tenant can scale instantly to meet demand. Tools like Magnet Automate can help you eliminate your backlog at an infinite scale in the cloud. Turn it up when large cases come in and turn it down when your backlog is empty. Go from a backlog of months to a backlog of hours.
- Azure Virtual Desktop: Quickly spin up secure virtual desktops in your cloud tenant to provide a sterile environment for investigators to access and review cases, without having to drive across town or across the state.
- Artificial Intelligence: CloudFit has worked with Microsoft to create tools only available to law enforcement that leverage artificial intelligence to help analyze evidence, fight crime and improve mental health, all running in your agency’s secure cloud environment.
- Cybersecurity: Microsoft invests over one billion dollars annually into Azure cybersecurity capabilities. CloudFit builds each law enforcement cloud tenant to meet or exceed the FBI’s CJIS security recommendations while providing 24×7 monitoring, support and incident response. The safest place for your data is in Azure.
Getting Started
CloudFit’s approach to DFCEs lets any agency adopt the cloud in a bolt-on fashion. Getting started in the cloud can be as simple and basic as a small archive storage tier. At any point in time, additional Azure features can be added or removed as needed. CloudFit stands ready to provide guidance and estimates to any local, state, tribal or federal law enforcement agency.
Are you ready to get fit? Contact getfit@cloudfitsoftware.com or explore our cybersecurity services to learn how we can support you.
About the Author
Kevin Davis is a former Sergeant with the Bedford County Sheriff’s Office and served as the lead digital forensics examiner during his time there. After leaving the Sheriff’s Office, Kevin pursued an I.T. career with a focus on building, securing, and managing DoW Cloud Enclaves at CloudFit Software. Currently, Kevin is taking his experience in law enforcement, digital forensics and secure cloud environments to create secure Digital Forensic Cloud Enclaves (DFCE) for local, state and federal law enforcement agencies.


