Digital forensics is a cornerstone of modern crime investigations, yet it raises significant privacy concerns due to the collection, processing, and storage of digital evidence. Despite that, privacy threats in digital forensics crime investigations often remain underexplored, leading to potential gaps in forensic practices and regulatory compliance, which may in turn escalate into harm to the freedoms of natural persons. With this clear motivation, the present paper applies the SPADA methodology for threat modelling with the goal of incorporating privacy-oriented threat modelling in digital forensics. As a result, we identify a total of 298 privacy threats that may affect digital forensics processes through crime investigations. Furthermore, we demonstrate an unexplored feature of SPADA, namely how it assists in handling domain-dependency during threat elicitation. This yields a second list of privacy threats that are universally applicable to any domain. We then present a comprehensive and systematic privacy threat model for digital forensics in crime investigation. Moreover, we discuss some of the challenges of validating privacy threats in this domain, particularly given the variability of legal frameworks across jurisdictions. We ultimately propose our privacy threat model as a tool for ensuring ethical and legally compliant investigative practices.