Digital forensics: the future of crime detection

“It just doesn’t add up. A boy can’t fall off a cliff into the sea. Where are his pants, shoes, and stockings? Did he strip them of his current one? She was actually too weak for that. Or did he take off his clothes first? But where are the things then? The incident?”

This is how Professor Dirk Labudde’s book on digital forensics begins. In an interview, he explains why crimes today can only be solved if analog and digital traces are understood as a single unit.

Many people associate digital forensics exclusively with the analysis of cyberattacks. But your topic is about much more than that, including the “analog” crimes for which digital information is valued.
Dirk Labudde: Digital forensics is much more than the previous classic definition. That’s why I’ve been preaching for some time that there is no longer any separation between analog and digital searching for clues. Let’s just say forensics again. Essentially, for any crime analysis, any digital data that is stored and processed anywhere can be relevant in a criminal proceeding. Because smartphones, tablets, computers or other data-producing devices leave digital traces. Therefore, these digital devices play an important role in every investigation.

Meaning, if someone was murdered in their apartment, would you analyze a smartphone lying next to the corpse?
The sources from which the relics are obtained are in fact completely irrelevant. It’s about integrating traces and data of all kinds. One can also say: Information technology is used to process and analyze all the information and traces obtained. We can also reconstruct what happened in analog space with analog and digital effects. For example, creating a computer model of a real space to make this crime scene and what happened understandable.

Do you have the right to participate in an investigation as an outsider? Perhaps the police themselves do not have the technical capabilities and specialized expertise to search for digital artifacts?
In the case of capital offenses, forensic doctors are also empowered with expert opinion and come to the main hearing to explain expert opinions. We do something similar as well. But we are not investigators. We only say that we found certain data or traces using a tool, such as a program. This is nothing more than a DNA or fingerprint analysis.

Are there manufacturers of these tools?
There are major manufacturers developing products for the forensic market, for example to evaluate smartphones. However, these tools require a certain development time. The problem is that the developers of these tools are chasing the fast-moving smartphone market. There are also new technologies that investigators may not yet have on their radar. How long did it take to understand that voice assistants like Alexa or Siri memorize tracks? Or the perfect crime can’t be planned with a digital device? Put your smartphone down at home and at 7 p.m. Siri says: Turn on the light! And the neighbor thinks I’m home, so I can’t be at the crime scene.

You use tools that you can’t just buy on Amazon. You develop many tools with your students. Do you do this on a case-by-case basis? Could such software be used elsewhere later?
We often develop on a case-by-case basis, and this, however, takes time. Then the investigators and prosecutors sometimes get nervous and ask us why we are taking so much time. But we have to write the program first, which will take a moment. If we manage to implement this in a particular case, we continue to develop the software. So we don’t always start from scratch. There is also an international community in the field of IT security and IT forensics. On GitHub, for example, there are frameworks in which someone has written an algorithm that can be used to read memory. We also take these open source modules and develop them further.

You also developed a method for the process of stealing gold coins from the Bode Museum in Berlin. Why did the court not recognize this way?
We were called because investigators could see in a video that one of the perpetrators had a very unusual gait. Then we used frameworks for this state that automatically detect something like this. It all had to happen really, really fast at the time, which is why we thought about whether we should really do it because we weren’t quite that scientific yet. But then we agreed. However, there were errors on our part in the report, which is why our method of tracking down the perpetrators was not used. However, it was honored in the judgment.

Are you still using this method?
We had a lot of courage and called the police in many federal states. With Lower Saxony, we developed the method from the point of view of the police and we also received money to look for it. Today we are so far along that we can say that the method can be used.

You can digitize real evidence such as shoes or murder weapons and combine existing relics in analog form. What does that mean?
Let’s imagine a crime scene. Now it comes to reconstructing the course of events. Everything found at the crime scene can be digitized: the murder victim, the room, the murder weapons, other things. We recreate that on the computer, like a computer game. Now we bring the victim to the crime scene as a dummy and we can find out, for example, how tall the offender was to commit the crime. Could it be the alleged murder weapon at all? Or we give the digital offender a murder weapon and check if the distances to the victim are correct.

Is there a working example?
We had a case in Leipzig where there was a shooting in a parking lot and a question was asked about the whereabouts of the perpetrator and the victim, as there was no blood in the car or in the parking lot. Such questions could be answered if they digitized everything, right down to the car key and lead casings. There are manufacturers who give us data from the digital car we use at the crime scene. And now you can sit in the middle of this crime scene and understand what could have happened and how. A big plus is that with such models you do not stand in the middle of it, but you can look at the crime scene from above.

Your methods also played a role in the horrific crime against a 10-year-old girl who fell or was pushed off a bridge.
We were able to determine that the girl was lying so far from the bridge pier that she could not lie there after a slight fall. The case was reopened a few years later. But the bridge no longer exists. We went to the archives and digitally recreated the original blueprints of the bridge at the time on the computer using the bridge railing. We managed to determine that the killer had already thrown the girl over the fence.

You say the detection rate could be further improved with your methods.
This is especially true of theft, armed robbery or armed robbery. This is where the method we developed can be very useful. Therefore, we are asked frequently especially in these cases. But it is important for me to make clear that we are still researchers, but we research, teach, and apply under one roof. Some think that I am just a consultant and will write expert opinions. I’m still in the lecture hall. We are really doing research and we are very fortunate to be able to apply our research and derive new research areas from it.

What do graduates of the course do?
70 percent of them go not to the authorities, but to the forensic cabinets of the industry. There they perform “classic digital forensics” again, that is, assessment of cyber attacks.

Dirk Labudde
He is a bioinformatics and forensic scientist and teaches at the Mittweida University of Applied Sciences. He studied theoretical physics and medicine. In 2014 he established the first bachelor’s degree in Germany “General and Digital Forensics”. As a consultant to state police forces and prosecutor’s offices, he assists in the criminal investigation of criminal offenses and acts as an expert in court.
