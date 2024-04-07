bIn a murder, at least two cell phones have to be analyzed – from the suspected murderer and the victim. A Nokia cell phone from the digital Stone Age used to have a memory of eight megabytes. Today, videos, chats, photos and movement data of more than one terabyte can be stored in a smartphone. In addition, there is everything that leaves a trace in the household: the oven that is connected to the WiFi – when did the victim bake the last pizza? The car's app: When did the murderer park in front of the house? The robot vacuum's route memory – did it drive around the body as it lay covered in blood on the living room carpet?

There is a lot of discussion and reporting about cybercrime, i.e. hacker attacks on hospitals or companies. What is less known is how the flood of digital evidence following analog crimes is revolutionizing police investigative work and changing criminal procedures.

For example in the State Criminal Police Office in Baden-Württemberg. There is a large poster with a timeline hanging in front of the offices of the IT investigators and forensic experts: In the beginning there was the blood trail. Then came the DNA analysis. Now the evaluation of data plays a major role. Baden-Württemberg, Hamburg, Berlin and Schleswig-Holstein have or are currently setting up their own departments for cyber investigations and digital trace analysis, Bavaria does not yet.



















This text comes from the Frankfurter Allgemeine Sonntagszeitung.









Digital forensics begins the moment investigators enter the crime scene. “A router needs to be secured as quickly as a blood trail. If it is taken off the internet, we no longer know who logged in via WLAN,” says Mathias Bölle, head of the cybercrime and digital traces department at the LKA in Stuttgart. In the old analog world, the physical presence of the perpetrator, victim and witness counted; now investigators always have to conduct international research because every smartphone has a Google or Apple account. “Today you can't get anywhere with regional structures, even with relatively simple cyber crimes. “Even if it involves a relationship crime in a close social area, you usually need a cooperative server operator abroad or an international request for legal assistance in order to get access to data relevant to the procedure,” says Bölle.







“What worries us is the development on the dark web”

The State Criminal Police Office has 140 employees working on cyber investigations and securing, analyzing and evaluating digital traces. In the 13 police headquarters, another 320 employees are involved in these tasks – police officers, civil servants, employed scientists and IT specialists. Backing up data at the crime scene is a task in which as few mistakes as possible should occur: smartphones should never be completely discharged because the data will then be saved in a format that is difficult to decipher. The laptops must be brought quickly to the State Criminal Police Office's laboratories so that the data and hard drives can be mirrored. They must not be started up beforehand because even the smallest changes to the device can reduce the evidentiary value.

Because the amount of data is so huge, the investigators have to form a hypothesis about the course of the crime early on in order to be able to concentrate on the most important digital traces. Bölle says that you are faced with a “universe of traces” that you have to decipher and organize. “In the main hearing it is important to prove to the defense lawyers that we have evaluated the correct leads and not ignored relevant leads. In times of AI, it is also becoming increasingly important to prove that the voice in the audio file is not a deepfake, i.e. that the defendant is actually speaking.”