Forensic Computing Group

Forensic computing is a branch of forensic science pertaining to digital evidence, i.e., any legal evidence that is processed by digital computer systems or stored on digital storage media. Forensic computing naturally evolves within the intersection of several established research areas such as computer science, computer engineering and law, and it can build upon both the established research results in these fields and the rigorous scientific research methods that have been developed.

Overall, the nature of digital evidence (e.g., the possibility to make perfect copies) makes it hard to transfer legal notions and intuitions (e.g., of authenticity and integrity) from non-digital evidence. Therefore, forensic computing poses many technical and legal challenges. For example, the tendencies towards “proactive forensics” in modern societies manifest themselves in complex technical surveillance systems (like those based on large sensor structures or “big data”) and have profound effects, including legal ones, on data protection and privacy. Another relevant aspect is the performance enhancements of operating systems or applications (like the use of caches or re-use of memory blocks), which usually amplify the amount of traces left by user interaction.

The lab’s forensic computing group is a forum for research in all of these areas. We perform fundamental and practical research and teaching in evidence acquisition, main memory and file system analysis, automatic event reconstruction, the effects of forensic computing on fundamental rights, and other relations of techniques in computer science to criminal law and criminal procedural law.

We actively cooperate with the international research community, especially in the context of DFRWS and the IMF conferences.