Coverage
Cloud Platforms We Focus On
Microsoft 365
Outlook / Exchange
Google Workspace
Gmail Business
AWS
Microsoft Azure
Google Cloud
Dropbox / Box
SaaS Tools
CRM Systems
Cloud Storage
Admin Dashboards
Who we help
Built for Businesses That Need Clear First Steps
Law Firms
Medical Clinics
Accounting Firms
Nonprofits
Churches
Schools
Small Businesses
MSPs & IT Providers
Real Estate Firms
Professional Services
Why it matters
Preserve evidence before making major changes
During a suspected cloud breach, businesses may rush to reset accounts, delete files, remove users, change permissions, or alter settings. Some steps may be necessary, but others can accidentally destroy important evidence.
Login history
Audit logs
Admin activity
Email headers
Mailbox rules
File access records
Screenshots
Cloud resource activity
User permissions
Security alerts
Billing anomalies
Suspicious IP addresses
Account recovery changes
User creation / deletion records
Application access records
Ethics
Ethical. Authorized. Evidence-focused.
CloudForensics.us only supports lawful, authorized business security matters involving systems, accounts, and data the requester is authorized to manage or investigate. We do not assist with unauthorized access, hacking, revenge investigations, illegal surveillance, or attempts to access systems without permission.
Get help
Need help with a cloud incident?
Complete the incident intake form and we will review the situation. If specialist support is needed, we may connect you with a qualified incident-response, forensic, legal, MSP, or cybersecurity professional.
FAQ
Common questions
What is cloud forensics?
Cloud forensics is the process of identifying, preserving, and analyzing digital evidence from cloud platforms, SaaS tools, email systems, file-sharing platforms, and online business accounts.
Do you recover hacked accounts?
CloudForensics.us provides incident intake, evidence-preservation guidance, readiness support, and specialist referrals. Some cases may require direct support from the cloud provider, legal counsel, an MSP, or a qualified incident-response firm.
Can you help with Microsoft 365 or Google Workspace compromise?
Yes. Microsoft 365, Outlook, Exchange, Google Workspace, and Gmail business account compromise are core use cases for CloudForensics.us.
Do I need to preserve evidence before changing passwords?
In many cases, businesses should document key details such as login history, alerts, mailbox rules, admin activity, email headers, and account changes before making major changes. The correct steps depend on the situation.
Do you work with law firms and small businesses?
Yes. We work with law firms, medical offices, accounting firms, nonprofits, churches, schools, and small-to-mid-sized businesses.
Is this legal?
All support must be based on proper authorization. CloudForensics.us does not assist with unauthorized access, hacking, illegal surveillance, or investigations involving systems the requester is not authorized to manage or investigate.
Are you a cloud provider or software vendor?
No. CloudForensics.us is a cloud incident-response intake, evidence-preservation, readiness, and specialist-referral platform. We may connect businesses with qualified professionals when a deeper investigation is needed.