Nina van der Knaap, PhD Student (eLaw), Leiden University
I am a forensic criminologist and I noticed that digital forensics (the topic of my PhD) is not a subject at the moment in the Masters I was following. I’ve always had an interest in computers so I contacted a company (Fox-IT) in Holland that handles digital forensic investigations and asked if they would be willing to let me have an internship to learn more about the field. They said I could and I worked there one day every week for 8 months next to my other full-time internship and learned a lot.
This only sparked my interest in the field further, so together with Fox-IT and the University of Leiden I set up a PhD. I started my PhD at the beginning of 2013 and I worked for Fox-IT as well.
Your research at the moment is focused on backlogs in digital forensics investigations, a theme that has been discussed at several conferences recently. Could you give us an overview of the research and the results so far?
Backlogs seem to be a problem that has been around for quite some time but it is difficult to quantify the problem. I wanted to see if it was possible to gather data on the topic. Luckily and with help from lots of people in the digital forensics community the survey has got almost 60 respondents to date. The groups with the biggest backlogs seem to be the law enforcement and government groups. That is not really surprising because the private sector has more discretion in which cases they take on.
Furthermore, the average backlog for respondents who reported one in 2013 is 3-4 months. The longest backlog reported in 2013 is 18 months. The backlogs seem to have gotten a little better compared to the 5 previous years though. When the survey closes for good (at the end of the year) I want to differentiate between countries (if possible) and continents too.
Do you think there are any significant differences between private agencies and law enforcement when it comes to backlogs? Why/why not?
Yes, there is a big difference in the fact that law enforcement has little say in the cases they need to investigate. I also think the kinds of cases are different in nature and often the corporate cases are more focused on finding out what happened instead of finding a suspect and getting him (or her) convicted in court; that has an impact on the time needed to find the proper evidence.
What do you think the major developments will be in digital forensics over the next couple of years?
I hope the backlogs will soon be a thing of the past, but I fear the field will only get more complex. More systems, more computers embedded in every object (the internet of things), more cloud services will make evidence more prevalent but also more difficult to find, analyse and interpret.
I think that digital investigators will have to specialise in a certain field more than they do now. And I think that the specialists will have to be in charge of the really complex cases, while detectives (for law enforcement) will be trained to use special programs to handle the “easier” cases with more cut-and-dried evidence.
Do you have any advice for students who are just starting out in their digital forensics studies?
It is a great field, do not let it overwhelm you! And I’ve found that most people in the field are always willing to help each other out, so ask for help. Lastly, I wish academic programs would devote more attention to the field, since computers are not likely to disappear.
What do you do to relax when you’re not researching or working?
I love to read about digital forensics, forensics, cyber crime and thriller novels (James Rollins is one of my favorites). I also like to work out, running and biking mostly, and I can truly relax walking around my town with my husband.
Nina van der Knaap is a PhD student at Leiden University. Her current research looks at backlogs in the digital forensics field; her survey is running until the end of 2014 and can be found here. She also teaches at The Hague's Cyber Security Academy.