International Hosting Governments and Forensic Email Cases

Cyber forensics is hard, but it is even harder when servers are hosted in different geographical locations and an investigation needs all localities to cooperate and hand over every part of the data consistently.

This is primarily due to privacy laws that each region may apply or carry out in differing ways.

Multiple regions

Even if a compilation can source multiple regions data; dealing with international governments could mean prolonged wait times, unfamiliar processes to follow or even citizens of those regions withholding data due to privacy rights within that region.

Should a hosting government not cooperate in the course of an investigation, there are various dealings that should be followed in order to remain complete from your side as an investigator.

While communications strategy, just as legal advice, must be tailored to the circumstances (Bailey, Potter, 2017), there are legal rights in your case that can be yielded to the offending performers.

An example

Take for example email that may be utilised and stored in various geographical locations, each with their own data privacy laws. Should these emails need to be accessed, collected and analysed by investigators outside of those areas, special proceeding would need to be taken to get court orders to do so. In the European Union, for example, data privacy is of highest concern and each person who?s email it was would need to provide approval in order for it to be used in a case, otherwise the emails are unlawfully collected and cannot be analysed or presented (Tiku, 2018).

This makes it incredibly difficult to realistically collect all relevant evidence pertaining to a case, as so much could be left out.

Getting the information

In order to get this information, a Whois record search would need to be done (Algaze, 2016) to prove the IP Address that sent the email was located in a specific country. From that the investigator would have to find out which Internet Service Provider (ISP) had the associated IP Address at the time and raise a request with them to cooperate and provide the information concerning the target outcome report along with any legal backing to expediate and timeframe the legal case. The ISP would then be expected to comply and either provide all information they had on record regarding the required substantiation entreaty or provide as much information related to the case from their knowledge as possible.

Complying

There are many occasions when an external hosting government may not hand over information or cooperate and this is when law enforcement in that region will need to be involved to plea the case on your behalf. This is incredible problematic and unless there are extradition laws between the two countries (Adams, Scammon, 2012), this is almost always the point at which international digital forensic data collecting cases collapse.

References

Bailey, K., Potter, C. (2017) Protecting Corporate Reputation in a Government Investigation [Online] GlobalInvestigationsReview.com, Available from: https://globalinvestigationsreview.com/chapter/1079418/protecting-corporate-reputation-in-a-government-investigation (Accessed on 30th September 2018)

Tiku, N. (2018) Europe’s new privacy law will change the web, and more [Online] Wired.com, Available from: https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/ (Accessed on 30th September 2018)

Algaze, V. (2016) This is what happens when WHOIS data is made public [Online] Medium.com, Available from: https://medium.com/@valgaze/this-is-what-happens-when-whois-data-is-made-public-60b419bc2e89 (Accessed on 30th September 2018)

Adams, N, D., Scammon, K, S. (2012) Navigating a Mine Field: Governmental Investigations, Cooperation, and D&O Insurance [Online] AmericanBar.org, Available from: https://www.americanbar.org/publications/blt/2012/01/01_adams.html (Accessed on 30th September 2018)