Tackling the Cloud Forensic Problem while Keeping your Eye on the GDPR

If the cloud is just someone else's computer, then securing forensic evidence can be tricky. The GDPR requires providers to deploy appropriate measures to safeguard their users' personal information, also in the case of onward transfer along cloud provider chains. In this position paper we delimit the processing architectures from a top-down organizational control point of view in order to define an initial taxonomy for an accountability-based approach that aims to improve both compliance and forensic readiness. Through our initial analysis, we find that achieving compliance and forensic readiness may become even more difficult as we move towards distributed architectures, such as blockchain technology. Our conclusion is that the forensic challenge requires a renewed research focus, and we highlight how an accountability-based approach will be instrumental to the overall acceptability of the solution.