Forensics and its relevance for the digital future
An explanation of terms by Lars-Martin Knabe, Research Officer Secure Society at the Agentur für Innovation in Cybersicherheit (Cyberagentur).
“In this year’s European Cyber Security Month campaign, we are taking a deep dive into the world of social engineering, where cybercriminals use clever manipulation tactics to breach our security defenses.” This is how the European Union is promoting this year’s Cybersecurity Month online. When it comes to the knowledge and tools we need to protect ourselves from cybercriminals, digital forensics plays an important role in solving crimes in cyberspace.
Cyberspace is not a law-free zone, which is why it is important that criminal acts can also be solved in connection with the virtual world. There is a young and exciting discipline for this: digital forensics! This young science has its origins in the real (analog) world:
England, September 19, 1987, Colin Pitchfork was arrested for the murder of two girls. The special thing about this case is that Pitchfork was the first person to be convicted with the help of a DNA test. His trace was found with the help of DNA serial testing. This is the first time that this examination method has been used and is now the standard for proving a person’s identity. This progress has helped to raise awareness of the necessity and value of forensic science in the field of criminal investigation.
A considerable amount of time has passed since then and conventional forensics has made progress and is now a standard tool in forensic work. A look at recent history, however, shows how digitalization has also changed the fight against crime. For example, previously empty letterboxes have developed into online marketplaces.
In April/May 2019, for example, the darknet platform “Wall Street Market” was taken down by the BKA in cooperation with the FBI. Stolen data, drugs, malware and forged documents were offered for sale on the second-largest criminal online marketplace. This platform was accessible exclusively via the TOR network in the so-called Darknet. It was geared towards illegal and criminal goods. The goods were paid for using BITCOIN. 63,000 offers for sale were posted on the online platform and 1,150,000 customer accounts with over 5,400 sellers were registered. [1]
This is just one example of how criminals organize and operate on the Internet to conceal cybercrime and protect their customers. IT forensics is needed to prove local and global cybercrime in accordance with the law in order to hold criminals accountable for their actions.
Forensics encompasses all interdisciplinary sciences that can contribute to the criminal investigation of a crime. Examples include the recording of biometric crime scene evidence such as fingerprints, the analysis of crime scene photos or the reconstruction of data on confiscated hard disks. An essential principle of forensics (Locard’s exchange principle) states that traces are exchanged every time two objects interact. To achieve this, forensic scientists must draw on the sciences of medicine, chemistry and computer science, among others. A trace must always be secured in such a way that it will stand up in court and has been obtained correctly without any doubt. For this reason and the constant technical progress, forensics is an exciting science with many unanswered research questions.
One example of a newly emerging research gap is the transition of traditional forensics to digital issues, e.g. how can crimes that could be committed with modern artificial intelligence, such as the well-known chatbot “ChatGPT” or the image generator “DALL-E” or autonomous vehicles, also be proven. This is precisely what IT forensics, with its characteristics of objectivity and accountability, is predestined for, which sets it apart as a recognized science from the attempt to make AI explainable (XAI).
In order to examine such systems in digital forensics, numerous characteristics must be fulfilled. If a court has doubts about the transparency, integrity, credibility, repeatability or acceptability of forensic methods and the documentation of the chain of custody, this can lead to the value of evidence being reduced or declared inadmissible.
What role does the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) play in digital forensics? The Cyberagentur deals with issues that are likely to be relevant to the cyber security of a digitally networked Germany in 10 to 15 years’ time. The “Secure Society” department within the Cyberagentur focuses on digital sovereignty from a socio-technical perspective. In the research project “Forensics of Intelligent Systems” (FIS), which was announced on September 8, 2023, methods and tools are to be found to be able to evaluate complex artificial intelligence systems in a forensic manner(https://www.cyberagentur.de/fis/). As there have been almost no research approaches in this area to date and the question of the forensic verifiability of possible crimes in cyberspace is immensely important for the future security of our society, this project can contribute a considerable gain in knowledge by combining the technical with the legal perspective.
As a guideline, the focus should be on AI systems that have a high number of parameters. They are referred to as “deep neural networks” and their decisions can no longer be easily traced (black box character). Forensic analysis should make it possible in future to detect attacks carried out against these systems. Examples of the aim of such attacks include unauthorized access to the data used to train the AI or manipulation of the AI with “false” training data (data poisoning). The consequences can be serious because, for example, faulty vehicles can lead to accidents or confidential data can be stolen from chatbots. This project could form the basis for future patching of the vulnerabilities identified as a result.
The background to the Cyberagentur’s FIS research project is the fact that around 87% of German companies consider intelligent systems to be a decisive factor in their economic success[2]. Entrepreneurs hope that AI applications will save them time and money. However, the lack of specialist knowledge leads to risks of manipulation.
The mystery surrounding the science of digital forensics has been solved. Many cases of cybercrime have not yet been solved. In summary, however, the Cyberagentur’s research project aims to counter the rapid spread of AI systems in order to prevent misuse and provide law enforcement authorities with more far-reaching and legally secure forensic tools in the age of digitalization.
Further information: https://www.cyberagentur.de/fis/
https://www.cyberagentur.de/forschungsprojekt-zur-digitalen-forensik-ausgeschrieben/
[1] https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2019/Presse2019/190503_WallStreetMarket.html (visited on 24.10.2023)
[2] Deloitte, ed. “AI Study 2020: How do companies use artificial intelligence? AI-relevant technologies, strategies, skills & challenges in practice.” (2022), address: https://www2.deloitte.com/de/de/pages/technology-media-and-telecommunications/articles/ki-studie-2020.html (visited on 28. 09. 2022) (see pp. 2-4).