developing the Cloud Signature tool to allow investigators to quickly search for cloud application remnants on devices (computers, phones, iPads, etc) seized from suspects. These remnants include data found in file system data structures, cached web sites, cookies, index.dat entries, registry entries, and several other places on devices used by the suspect. The Cloud Signature tool will collect and present data that is necessary to form a preservation letter and warrant to the cloud service providers that meets 4th Amendment restrictions on scope
you need to read all seizable data and then - like a virus scanner - you read one file after another on the computer and check whether or not that data appears within a file.
You may ask the user what data he wants to protect