In today's world, the analysis, processing and evaluation of digital data carriers are an essential part of the fight against crime and terrorism. In this context, security authorities such as the Federal Criminal Police Office and the State Criminal Police Offices are confronted with huge amounts of data, for example when large company networks, thousands of chat messages or tens of thousands of images have to be examined for traces relevant to criminal law. In the Traben-Trarbach cyberbunker case, for example, up to 1,000 data carriers containing more than two petabytes (equivalent to about 1,000 billion pages of text) were seized and had to be examined.
Digital forensics for the identification of evidence
The preparation of stored content and artifacts is the task of "digital forensics". To this end, existing and known data structures such as file systems and databases are first analyzed, and the data they contain, such as documents, images or chat messages, is extracted. The data volume is then reduced according to the constraints set by the investigation. Far more difficult is the search for information remnants in areas outside these known structures, such as in partially or completely unstructured data.
Deep Learning to improve and accelerate data recovery
In the CARVE-DL project, the Rhineland-Palatinate State Criminal Police Office, the software developer Binary Impact GmbH and the German Research Center for Artificial Intelligence (DFKI), with the support of the Federal Criminal Police Office (BKA), are investigating and developing new deep learning methods and tools that simplify and accelerate the search for these information remnants by the IT forensics units of investigative authorities. Various deep learning technologies are used to automate and optimize the process known as carving.
The first meeting of the research network took place on December 15, 2022, in Traben-Trarbach, the place where one of the most data-rich investigative proceedings of recent years, the cyberbunker case, originated.
Recovering deleted information
"In digital forensics, carving is a key technique to find hidden or deleted files on digital media and thus significantly supports the retrieval of incriminating or exculpating evidence in investigative proceedings. We will sustainably support our partners at the Federal Criminal Police Office and the State Criminal Police Office of Rhineland-Palatinate in the fight against cybercrime with corresponding AI approaches," said Prof. Dr. Andreas Dengel, Managing Director of DFKI in Kaiserslautern.
The new tools will help digital forensics specialists find and piece together fragments in unstructured parts of data stores. Another goal is to find enough fragments of a deleted or overwritten file in the enormous data inventories of today's IT systems so that images, texts, audio or video files can be partially or completely recovered. "This acceleration is important in order to be able to hand over the results of the digital evidence evaluation to the prosecution offices conducting the proceedings as quickly as possible. In this respect, the project is a very important step towards being able to provide effective digital evaluation methods and tools to counter the often gigantic volumes of data in the investigation process," emphasizes LKA President Johannes Kunz.
Intelligent visualization for forensics
Another challenge of CARVE-DL is the development of an intelligent visualization of the entire carving process. For this, too, the project partners want to develop user-friendly tools that effectively support forensic scientists and investigators in their work. "We are pleased that we can support this project with our experience from innovative visualization and interaction on Large Scale Data from the gaming sector and thus enable a technology transfer from the computer game industry to the field of forensic security research," said Jens Wiechering, the managing director of the project partner Binary Impact GmbH.
Project supported by federal funds
The CARVE-DL project is funded by the German Federal Ministry of Education and Research (BMBF) as part of the "Research for Civil Security 2018-2023" program over a period of three years. The combination of research institute, investigative authority and industry provides the best possible starting position for research into new methods in digital forensics.