Christian, tell us a bit about yourself and how you got into digital forensics.
Right now, I’m 40 years old. I studied computer science and philosophy when I was younger, before completing a post-graduate course (PhD) in bioinformatics. This led me to a job with the State Police of Thuringia, which is one of the federal states of Germany. I worked as an expert in digital forensics and analyzed lots of hard disks and phones. Later I concentrated on the forensics of embedded devices, especially in car forensics.In 2015, I was appointed professor for digital forensics at the Mittweida University of Applied Science. In 2018, I moved on to take on the exciting new role of the director of digital forensics at the ZITiS, the Central Office for Information Technology in the Security Sector.
I’m not really sure how I got into digital forensics. I was always interested in secrets. So I concentrated on cryptography at university. In my PhD I had a completely different field to work in, but bioinformatics was very applied and I really liked the more practical work. I got the job at the police more or less by chance, but it was good chance, I really got into the subject and I love my work today.
What does a typical day in your life look like?
When I’m honest, looking from the outside, my life might seem a bit hum-drum. I usually start working early, and make a point of strolling through the department, giving everyone a “good morning”. Then I have my first coffee and start my computer.
As Director, I have had to hand over the exciting hands-on forensic work to the experts in my team. My role is to make sure everything runs smoothly, everyone is happy, and that we continue to generate great outputs and ideas. I love getting the chance to go into the lab and work with some hardware. However, it is important to me that I shield my experts from the admin as much as possible, so they remain motivated and happy.
One aspect of my work that I love is travel. I get to visit far away countries, different law enforcement agencies, interesting people. This gives me a really good perspective on the current issues we are facing in digital forensics, which I can then feed back into our ZITiS projects. We have some really interesting projects and I am thrilled to have been able to bring in my ideas to give them shape.
Currently, I am finding lots of pleasure in watching things develop and grow. I’m convinced that our work will help law enforcement to make Germany a more secure place. Our current focus is on smartphone, car and IoT forensics.
FORMOBILE is a new initiative that aims to develop an end-to-end forensic investigation chain for mobile devices. Can you tell us more about the initiative and its goals?
The objectives of the FORMOBILE project will support digital forensics in the field of mobile devices. In 2009, the average number of mobile phone subscriptions per 100 inhabitants already stood at 125 in the EU-27. In 2017, altogether 65% of people within the EU used a mobile device to connect to the internet. At least 85% of all the pictures taken in the EU in 2017 were taken with smartphones. This makes mobile phones the most important device for digital forensics, and accessing mobile phone data in crime investigations is crucial for law enforcement.
Sadly there are many issues faced in this task. Law enforcement does not have adequate tools to access all smartphones. This is because of the rise of encryption and the more secure interfaces to mobile phones. On the other hand, the amount of stored data is rising exponentially. There is a strong need for tools to help in acquisition, decoding and analysis of mobile data. In addition, there is no EU-wide standard on the forensic analysis of mobile phones. This impedes the exchange of data between the EU member states, and hinders the use of evidence in jurisdiction. As a third point, we need better training for law enforcement in the field of mobile forensics. Criminals use the knowledge of experts, and to counter-balance this law enforcement needs more and better experts.
FORMOBILE targets these three aspects of mobile forensics. We will create new tools. We will create a European standard on mobile forensics and we will create a novel curriculum and training for Europe’s law enforcement agencies.
What are some of the main challenges you have encountered while working on FORMOBILE, and how have you addressed them?
The main challenge was probably to bring so many people together and get them all agreed on the agenda and direction: we consist of 19 partners from 15 countries in the project. Our group comprises technicians, lawyers, NGOs, researchers and law enforcement officers – and even communicating in a common language, issues of jargon and semantics arise. To bind us together as a team was very challenging and very instructive.
Another challenge is the paperwork – there are so many documents and forms to complete. I understand that we have to be transparent and accountable, as we receive tax-payer Euros, but I strongly believe a bit more freedom would be very positive for the project. Despite these issues, I am extremely pleased with our progress and convinced we are performing very well.
In your opinion, why is standardisation so important in digital forensics?
Digital forensics has the task of acquiring and analyzing evidence for use in court. We need to be certain that the data and results generated are forensically correct and interpreted correctly. This task carries an extremely high responsibility: the results of a forensic analysis can have a massive influence on the court’s decision between the guilt and innocence of an accused person.
In addition, criminal law is incredibly complex – having access to a clearly defined set of standards in digital forensics will help to alleviate workload for law enforcement officers and prosecutors. It is unacceptable for different forensic laboratories to come up with different results, which depending on the software used, may currently be the case.
Furthermore, borders tend to blur in the modern IT world. Crime does not stop at borders; to fight organized and international crime effectively, law enforcement in one EU member state must rely on the results of forensic laboratories of other member states. This can only be achieved satisfactorily with common ontologies and standardization. I am convinced that standardization is one of the key issues to enable the European Union to become a Secure Union.
The UK has recently adopted the ISO 17025 forensic standard for investigations, but many small companies are finding it costly and time-consuming to keep up with accreditation. Is this a common challenge, and what advice would you give to people facing it?
The ISO 17025 is not specific for forensic laboratories; in fact it is a standard for test and calibration laboratories. FORMOBLIE aims to define a specific standard for mobile forensics. I believe that a specific standard will significantly lower the cost and the time associated with digital forensics analyses, once adopted.
Firstly, if a standard is well-written it will save time and budget because you can avoid ‘groping in the dark’ to find the best forensic analysis path. If adopting a good standard causes additional costs, this implies that the previous work without the standard was of inadequate quality, so a standard will improve forensic results.
Digital forensics carries too much responsibility in terms of deciding outcomes in criminal legal proceedings to be carried out without standardization. We have to perform to the highest possible standard to ensure justice is served within Europe.
Finally, when you're not working, what do you enjoy doing in your spare time?
I have a large family with five kids so I don’t have much alone-time. We live on a hobby farm together with some chickens, ducks and geese. At home, I like to work in the garden and do some hobby beekeeping. If I really have spare time I write articles for Wikipedia, mostly on botany.
Find out more about FORMOBILE at formobile-project.eu.