13.1 Introduction

The Cloud can be considered “a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services)” (Mell and Grance 2011). In the context of digital forensics, this could mean that, for example, a given collection of illicit material is stored on the servers of a cloud provider or across multiple cloud providers. Bear in mind that the cloud provider's country of operation does not necessarily allow conclusions about the geographic location of one or more of its servers, which could be hosted in multiple countries – not to mention that the original cloud provider may have subcontracted its services to other providers (Nishawala 2013). This means in practical terms that the illicit material stored by the suspect is literally scattered in the clouds, for all intents and purposes regarding gaining access to it. It may as well be, from the perspective of law enforcement, which may possibly be required to identify the various locations, issue specific and separate requests for mutual legal assistance, and then hope for a swift response from the various jurisdictions ...