The digital technology research area of the Forensic Institute is concerned with identifying and making digital traces searchable.
Digital traces can be found on very different devices, sometimes in enormous quantities. Examples of digital traces are Whatsapp messages in a phone, email addresses in a computer or GPS locations in a TomTom. But a bank card or a fire alarm also contains digital traces.
An example: a melted phone
In an abandoned industrial estate there is a burnt-out car with the victim of a murder in it. When searching the car, the police find a smartphone that has melted into a lump of plastic. The phone goes to the Digital Forensic consultant where Digital Technology investigate it.
What questions does the researcher get?
- Are there photos on the phone?
- Who last called the victim?
- What is the last location looked up in GoogleMaps?
What methods does the researcher use?
The researcher carefully saws open the molten phone and soldered the memory chip loose. With advanced equipment, he repairs the contact points on the damaged chip and copies the data. It uses a proprietary database of coding formats to convert the raw data into readable information, such as messages and photos.
What are possible outcomes of the research?
The researchers found text messages, Whatsapp messages, photos, lists of contacts and outgoing calls, and locations the victim looked up in GoogleMaps. The last location searched in GoogleMaps is the business park where the burnt-out car was found. Just a few minutes after the last phone call, the victim looked up the location of the business park in GoogleMaps.
Digital Forensics Research:
- Prevents writing and modifying data on the media carrier on which a forensic computer investigation is carried out and guarantees this.
- Ensures that the evidence will be duplicated completely unaltered.
- Ensures that the evidence is not altered or modified in any way during the duplication process.
- Prevents the disc from further damage or overwriting.
- Carries out this with US court-certified methods and techniques.
- Never overwrites data on the original disk, so no additional damage is guaranteed.
- Makes a copy of the data as soon as possible, so that it remains possible to search for other solutions.
- Publishes the research report after thorough analysis and usually does so within 5 working days.
- Return your recovered files to an external USB hard drive or any other way you prefer.
What characterizes the approach?
“The team works closely and positively with colleagues in more than 135 countries. Together we have a number of Centers of Excellence, where we work on innovations within IT forensics, e-discovery and all other forms of forensic IT research. The Netherlands takes a leading role because we have high-quality expertise, particularly in the field of e-discovery and computer forensics.
In addition to the common ‘world standards’ (software) in the field of e-discovery and computer forensics, they offer more exotic tailor-made solutions where necessary. Our customers recognize us for our high-quality, yet pragmatic approach. The customer can count on short lines and a very fast response, even outside office hours. That is very much appreciated and partly because of this customers always come back to us. ”