Cloud Data Forensics: Reconstruct your cloud communications

Cloud forensics is a branch of forensic science encompassing the recovery and investigation of material found in HTTPS-based encrypted cloud services such as Google Drive, Gmail, Office 365, and Facebook, often in relation to computer crime. As well as identifying direct evidence of a crime, cloud forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources, or authenticate documents.

Regulatory Compliance


Corporate scandals and breakdowns such as the Enron case have increased calls for stronger compliance and regulation across many industries, under regimes and regulators such as Sarbanes–Oxley, ISO27000, PCI-DSS, HIPAA, SEC, FINRA, FSA, IIROC, FERC, NERC, CFTC, and NFA. They all require electronic communications to be logged for years for auditing. Of course it is a must to audit HTTPS traffic, since most criminal activity hides in encrypted HTTPS tunnels.

Transparent HTTPS Inspection


Today’s cyber attackers are stepping up their attempts to compromise both web and email: secure only one and an adversary will enter through the other. These attackers set ransomware traps to steal critical data, only to demand a hefty price for its return. SSL-enabled environments, such as HTTPS, SMTPS, POP3S, and IMAPS, are end-to-end security tunnels that may contain viruses or leak information. Because the traffic is encrypted, no middleman in the network can analyze the contents. However, viruses in HTTPS-encrypted webmail systems are easily downloaded by employees, who are then infected. Skillful users may use SMTPS/HTTPS to upload confidential information outside the company without being checked. To achieve SSL content filtering with true transparency, the patented SSL-Scan® technology with the No-IP® solution can screen SSL contents in full transparency:

Transparent inspection of SSL-enabled environments such as HTTPS and SMTPS. L7, even without any IP bound to the INT/EXT interfaces, can transparently filter the contents of the HTTPS/SMTPS/... tunnels. With no IP bound to the interfaces, it can achieve true transparency, just like a layer-2 switch. Instantly react to users to inform them of the reason for a policy violation. Interacting with users right inside the application window is a must to simplify configuration problems. L7, equipped with the No-IP(TM) technology, can interact with users' applications even without any IP bound to the INT/EXT interfaces.

User-Unaware Installation and Digital Forensics


User-unaware installation is extremely important for such auditing tools. InstantCheck® can be installed in transparent mode or proxy mode without changing your network architecture. Currently InstantCheck® can filter detailed behaviors and reconstruct mainstream webmail contents (Gmail / Outlook / Yahoo Mail), web hard-drive (WebHD) contents (Dropbox / OneDrive / Google Drive), messenger contents (Line / WeChat / Facebook Chat / Gmail Chat), and social contents (Facebook / Twitter) for network data forensics.