Andreas Hammer, Mathis Ohlig, Julian Geus, Felix Freiling

A Functional Classification of Forensic Access to Storage and its Legal Implications

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Safety Research
  • Information Systems
  • Software

Due to their ease of use and their reliability, managed storage services in the cloud have become a standard way to store files for many users. Consequently, data from cloud storage services and remote file systems in general is an increasingly valuable source of digital evidence in forensic investigations. In this respect, two questions appear relevant: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition? The two questions refer to critical aspects of forensic evidence collection, namely, in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. We formalize the above questions and use this formalization to classify common storage services. We argue that this classification has direct consequences with regard to the probative value of data acquired from them. We, therefore, discuss the legal implications of this classification with regard to probative value so that IT expert witnesses can adapt their procedures during evidence acquisition and legal practitioners know how to assess such procedures and the evidence obtained through them from cloud storage services.

Need a simple solution for managing your BibTeX entries? Explore CiteDrive!

  • Web-based, modern reference management
  • Collaborate and share with fellow researchers
  • Integration with Overleaf
  • Comprehensive BibTeX/BibLaTeX support
  • Save articles and websites directly from your browser
  • Search for new articles from a database of tens of millions of references
Try out CiteDrive

More from our Archive