By no means an expert but I do have actual academic qualifications in IT forensics. Since you present a hypothetical case there are too many variables to give a useful answer. A lot depends on the specific circumstances: the exact nature of your case, jurisdiction, down to the individuals who end up involved in it.
With all that said, if I were dealing with your case after getting to the point in the forensic process where I actually start looking at your data I would:
* First, read carefully the scope of the court order under which powers I am acting and discard anything that does not clearly fall under it. Here is one of those points where things can go wrong already; some courts are better than others at understanding the nature of things and the limits of legislation. I would probably seek clarification if an order seems overly broad in scope. In no case will I go fishing for data, that is not forensics.
* Assuming that the encrypted blob somehow falls under the scope of my order, its nature will very soon become evident from both intrinsic and extrinsic characteristics and clues. I will know that it may not be your data and that you may not have access to it (of course, if in scope I may investigate whether you are a user of this service and whether there is a chance that you might actually be hosting your own data, though I expect that to be a pretty big coincidence). If I determined that that data is not yours, this will be reflected in my report and no more questions should be raised about it.
As I said, too many variables and this being a hypothetical case you could always come up with some contrived circumstance where you would be wronged through no fault of yours, but in practice this is no reason to stop using this service. By the same token, you have no clue what is inside all those compiled programs that your computer likely came with.
Biting the hand that feeds IT
