Digital Forensics: The Future of Crime Detection

“Only those who understand analogue and digital traces as a unit and know how to interpret them have a chance of solving crimes today,” says Dirk Labudde in an interview about digital forensics.

“It just doesn’t fit together. The boy couldn’t have fallen into the sea from the cliff. Where are his trousers, shoes, socks? Did the current take them off him? It was actually too weak for that. Or did he undress himself beforehand? But where are the clothes then? And who takes off their pants before an accident?”

This is how Professor Dirk Labudde’s book on digital forensics begins. In an interview, he explains why crimes can only be solved today if analogue and digital traces are understood as a unit.

Many people associate digital forensics exclusively with the analysis of cyber attacks. But for you it is about much more, i.e. also about “analogue” crimes for which digital information is analysed.

Dirk Labudde: Digital forensics is much more than the previous classic definition. That is why I have been preaching for some time that there is no longer a separation between analogue and digital forensics. Let’s just say forensics again. In fact, for any crime analysis, all digital data stored and processed anywhere can be relevant in a criminal case. After all, smartphones, tablets, PCs or other data-producing devices leave digital traces. That is why such digital devices actually play an important role in every investigative procedure.

That means, if someone was murdered in their home, would you analyse a smartphone lying next to the body?
The sources from which traces are obtained are actually completely irrelevant. It’s about bringing together traces and data of all kinds. You could also say that computer science is used for the processing and analysis of all the information and traces that have been obtained. We can also reconstruct the crime in analogue space with analogue and digital traces. For example, we can generate a computer model of a real room in order to make the crime scene and the events of the crime comprehensible.

Are you allowed to participate in an investigation as an external party? After all, the police themselves probably do not yet have the technical possibilities and expertise to search for digital traces, right?
In the case of capital crimes, forensic medical experts are also commissioned with an expert opinion and come to the main hearing to explain their expert opinions. We also do something similar. But we are not investigators. We only say that we have found certain data or traces with a tool, i.e. software. That is nothing different from a DNA analysis or a fingerprint.

Are there manufacturers for such tools?
There are large manufacturers who develop products for the forensics market, for example for the evaluation of smartphones. However, such tools need a certain development time. The problem is that the developers of such tools are running behind the fast-moving smartphone market. Moreover, there are new technologies that investigators may not yet have on their radar. How long did it take to understand that voice assistants like Alexa or Siri store traces? Or can the perfect crime not be planned with a digital device? One puts down one’s smartphone at home, and Siri then says at 7 p.m.: Turn on the light! And the neighbour thinks I’m at home, so I can’t have been at the crime scene.

They use tools that you can’t just buy on Amazon. You develop many tools together with your students. Do you do it case-specifically? Can such software be used elsewhere later on?
We often develop case-specific, but that takes time. Then the investigators and public prosecutors sometimes get nervous and ask us why we take so long. Well, first of all the software needs to be written and that takes a bit of time. Once we’ve done that successfully for a particular case, we continue to develop the software. So we don’t always start from scratch. In the field of IT security and IT forensics, there is also an international community. On GitHub, for example, there are frameworks for which someone has written an algorithm that can be used to read out working memory. We also take these open-source building blocks and develop them further.

You also developed a method for the trial on the theft of the gold coins from the Bode Museum in Berlin. Why did the court not approve this method?
We were called in because the investigators could see in a video that one of the perpetrators had a very conspicuous gait. In this case, we used frameworks that automatically detect such things. At that time, everything had to be done very, very quickly, which is why we thought about whether we should really do it, since we were not yet scientifically ready. But then we agreed. However, we made mistakes in the expert report, which is why our method for finding the perpetrators was not used. Nevertheless, it was acknowledged in the verdict.

So you still use this method?
We pulled together a lot of courage and called police forces in several federal states. With Lower Saxony, we developed the method further from a police point of view and also received research funds for it. Today we have reached the point where we can say that the method may be used.

You can digitise real evidence such as shoes or weapons and integrate analogue traces. What does that mean?
Let’s imagine a crime scene. The task now is to reconstruct the course of events. To do this, everything at the crime scene can be digitised: the murder victim, the room, the weapons, other objects. We reconstruct this in the computer, like in a computer game. Now we bring the victim into the crime scene as a dummy and can find out, for example, how tall a perpetrator must have been to commit the crime. Could it even have been the alleged murder weapon? Or we give the digital perpetrator the murder weapon in his hand and check whether the distances to the victim are correct.

Is there a practical example?
We had a case in Leipzig about a shooting in a car park and the question arose where the perpetrator and victim must have been standing, since there was no blood in the car or in the car park. Such questions can be answered if they digitise everything down to the car key and the bullet casings. There are manufacturers who give us the data of the digital car for that, which we put into the crime scene. And now you can put yourself into this crime scene and reconstruct what may have happened and how. A big advantage is that with such models you are not standing in the middle, but can look at the crime scene from above.

Your methods also played a role in the terrible crime of a 10-year-old girl who fell or was pushed off a bridge.
We were able to determine that the girl was lying so far away from the bridge pillar that she could not have been lying there after a simple fall. The case was reopened after a few years. But the bridge no longer existed. We went to the archives, digitally recreated the original construction plans of the bridge at that time in the computer with the bridge railing. We were able to determine that the murderer really did throw the girl over the railing.

You claim that with your methods the detection rate could be improved even further.
This is especially true for robberies, aggravated or armed robbery. That’s where the method we have developed can be very helpful. That’s why we are often asked about these cases. However, for me it is important to make it clear that we are still researchers, but we do research, teaching and application under one roof. Some people think I am only a consultant and write expert reports. I am still in the lecture hall. We really do research, we have the great fortune to put our research into application and to derive new fields of research from the application.

And what do the graduates of your degree programme do?
Seventy per cent of them don’t work for the authorities, but instead join forensics tanks in the industry. There, they again do “classic digital forensics”, i.e. the evaluation of cyber attacks.

Dirk Labudde is a bioinformatician and forensic scientist and lectures at Mittweida University of Applied Sciences. He studied theoretical physics and medicine. In 2014, he founded Germany’s first bachelor’s degree programme in “General and Digital Forensics”. As a consultant for state police forces and public prosecutors, he helps with the forensic investigation of criminal offences and acts as an expert witness in court.

The non-fiction book DIGITALE FORENSIK. DIE ZUKUNFT DER VERBRECHENSAUFKLÄRUNG by Dirk Labudde was published by Lübbe at the end of April 2022.
ISBN: 978-3-431-05032-5