Cloud computing offers a sense of "vastness" in terms of storage and remote processing. According to Simpson Garfinkil, a major challenge to any digital forensics investigator investigating data within the cloud can be an inability to locate or identify data or code that is lost when single data structures are split into elements.

This in effect directly impacts forensic visibility.

Within this ecosystem a major concern can be access to, and the preservation of, data within an on-going digital forensic investigation. Of consideration, as mentioned in Part 1,  is that in a live and dynamic system such as the cloud, it is virtually impossible to go back to an original state of data after obtaining a "snapshot" for investigation.

Also of importance are the jurisdictional and legal ramifications pertaining to the physical location of the cloud systems holding data under investigation.

This part of the article continues from the question, "How can an investigator identify and track this data?" It looks at identity within the cloud with regard to the issue of anonymous authentication and how it can impact a digital forensic investigation.

Going a bit back in time we can reference provenance as detailed in a paper published in 2001 by Clifford A. Lynch.

Lynch proposed a utilization of tools that allowed for the determination of the source of identity of a person or organization standing behind a metadata assertion. Consequently this assumption allows for the development of trust in an entity's identity.

Per Foster Zhao Raicu and Lu, provenance references any data product's derivation history. It includes "all the data sources, intermediate data products, and the procedures that were applied to produce the data product." In other words, it's somewhat of an "audit trail".

Foster et al also stated that with regard to the cloud that could be existential challenges with an audit trail stemming from "issues such as tracking data production across different service providers (with different platform visibility and access policies) and across different software and hardware abstraction layers within one provider."

Researchers Lu, Lin, Liang, and Shen took the process of provenance as suggested by Lynch a step further and proposed that cloud computing should provide provenance "to record ownership and process history of data objects in the cloud," on the assumption that "given its provenance, a data object can report who created and who modified its contents."