Mobile cloud computing combines mobile networks and cloud computing allowing user applications and data to be stored on the cloud (i.e., internet servers) rather than the mobile device memory. This data may be stored across geographically diverse locations.
Cloud computing environments are complex in their design and frequently geographically disperse. Often, storage locations for cloud computing are chosen due to the lowest cost and data redundancy requirements. One issue may be the identification of the location of the data. This is an emerging field.
Cloud storage opens numerous possibilities for mobile device application developers beyond mobile device memory limitations. As mobile applications evolve, data retrieval becomes seamless to the user and not apparent if data is stored on the cloud or the mobile device’s internal memory.
Several factors within cloud computing environments challenge forensics examiners requiring a hybrid approach to include both live and “dead box” forensic techniques. Additionally, recovery of user data stored in the cloud may become more problematic based on laws and regulations. Retrieval and analysis of cloud-based data should follow agency-specific guidelines on cloud forensics.
The mobile device forensics examiner should not discount cloud-based data left behind (e.g., browser cache or other forensics artifacts) that may be present on tangential equipment enabling an examiner to piece together what has occurred on a device.