Cybercrime and Forensic Computing

Dealing with digital evidence in criminal proceedings involves a range of professions, including digital forensics experts, police investigators, prosecutors, judges, and defense attorneys. Given the varying levels of technical expertise, effective communication is essential to ensure a shared understanding. Poor comprehension can lead to serious outcomes, such as unjust trials and wrongful convictions.

To address this, we are conducting a qualitative interview study with practitioners and experts from these fields to explore the challenges of interdisciplinary communication during investigations and court proceedings. We also aim to uncover strategies already being used to improve communication, with the goal of fostering better collaboration and ensuring more accurate and fair outcomes.

Researcher(s): Benedikt Mader

Many of the problems in digital forensics are difficult to solve through improvements in technical and formal methodological approaches alone. Digital forensics, especially in criminal proceedings, is embedded in a larger, multi- or interdisciplinary cosmos. This leads to various interfaces, requirements, and expectations for digital forensics.

The aim of our research is to create a systematic principle for dealing with these challenges by using established usability principles. Our research is particularly inspired by advances in the field of usable security and human-centered security. The methods and principles of usability are universally applicable and can also be transferred to digital forensics, so that they can contribute to a common understanding between the various professions involved in criminal proceedings.

At the same time, the usability of digital forensics in criminal proceedings can be transferred to digital forensics as an additional layer without compromising the fundamental principles of the field. This allows us to expand our view of digital forensics beyond its current horizons.

Researcher(s): Tobias Hoppmann

Memory forensics is a specialized technique in digital forensics focused on acquiring and analyzing a computer’s main memory (RAM). It is particularly useful for uncovering evidence from active systems, such as ongoing activities, passwords, or detecting stealthy threats like fileless malware.

However, acquiring memory can be challenging and prone to failure or inconsistencies. While much of the existing research has focused on technical evaluations, there has been little attention given to how memory forensics is actually used by people in practice. Our goal is to better understand the experiences and challenges faced by professionals during the different phases of memory forensics. To achieve this, we are conducting a survey aimed at those with hands-on experience in memory forensics.

Researcher(s): Benedikt Mader and Lisa Rzepka