Legal and technical questions of file system reverse engineering

Abstract

Reverse engineering of file systems is indispensable for tool testing, accurate evidence acquisition, and correct interpretation of data structures by law enforcement in criminal investigations. This position paper examines emerging techno-legal challenges from the practice of reverse engineering for law enforcement purposes. We demonstrate that this new context creates uncertainties about the legality of tools and methods used for evidence acquisition and the compliance of law enforcement with obligations to protect intellectual property and confidential information. Further identified are gaps between legal provisions and practice related to disclosure and peer-review of sensitive digital forensic methodology, trade secrets in investigations, and governmental vulnerability disclosure. It is demonstrated that reverse engineering of file systems is insufficiently addressed by legislators, which results in a lack of file system interpretation and validation information for law enforcement and their dependence on tools. Outlined are recommendations for further developments of digital forensic regulation.