Andreas Hammer, Mathis Ohlig, J. Geus, F. Freiling
{"title":"法医获取存储的功能分类及其法律意义","authors":"Andreas Hammer, Mathis Ohlig, J. Geus, F. Freiling","doi":"10.1145/3609231","DOIUrl":null,"url":null,"abstract":"Due to their ease of use and their reliability, managed storage services in the cloud have become a standard way to store files for many users. Consequently, data from cloud storage services and remote file systems in general is an increasingly valuable source of digital evidence in forensic investigations. In this respect, two questions appear relevant: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition? The two questions refer to critical aspects of forensic evidence collection, namely, in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. We formalize the above questions and use this formalization to classify common storage services. We argue that this classification has direct consequences with regard to the probative value of data acquired from them. We, therefore, discuss the legal implications of this classification with regard to probative value so that IT expert witnesses can adapt their procedures during evidence acquisition and legal practitioners know how to assess such procedures and the evidence obtained through them from cloud storage services.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"92 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Functional Classification of Forensic Access to Storage and its Legal Implications\",\"authors\":\"Andreas Hammer, Mathis Ohlig, J. Geus, F. Freiling\",\"doi\":\"10.1145/3609231\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Due to their ease of use and their reliability, managed storage services in the cloud have become a standard way to store files for many users. Consequently, data from cloud storage services and remote file systems in general is an increasingly valuable source of digital evidence in forensic investigations. In this respect, two questions appear relevant: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition? The two questions refer to critical aspects of forensic evidence collection, namely, in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. We formalize the above questions and use this formalization to classify common storage services. We argue that this classification has direct consequences with regard to the probative value of data acquired from them. We, therefore, discuss the legal implications of this classification with regard to probative value so that IT expert witnesses can adapt their procedures during evidence acquisition and legal practitioners know how to assess such procedures and the evidence obtained through them from cloud storage services.\",\"PeriodicalId\":202552,\"journal\":{\"name\":\"Digital Threats: Research and Practice\",\"volume\":\"92 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Digital Threats: Research and Practice\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3609231\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Threats: Research and Practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3609231","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Functional Classification of Forensic Access to Storage and its Legal Implications
Due to their ease of use and their reliability, managed storage services in the cloud have become a standard way to store files for many users. Consequently, data from cloud storage services and remote file systems in general is an increasingly valuable source of digital evidence in forensic investigations. In this respect, two questions appear relevant: (1) What effect does data acquisition by the client have on the data stored on the server? (2) Does the technology support delayed verification of data acquisition? The two questions refer to critical aspects of forensic evidence collection, namely, in what way does evidence collection interfere with the evidence, and how easy is it to prove the provenance of data in a forensic investigation. We formalize the above questions and use this formalization to classify common storage services. We argue that this classification has direct consequences with regard to the probative value of data acquired from them. We, therefore, discuss the legal implications of this classification with regard to probative value so that IT expert witnesses can adapt their procedures during evidence acquisition and legal practitioners know how to assess such procedures and the evidence obtained through them from cloud storage services.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
