Better visualisation of electronic evidence to improve digital forensic capabilities


Authors:  

Ilaria Bonavita
- Lead - Data Science, Research and Sociotech Innovation

Date: 16 April 2021

During an investigation involving digital material, electronic evidence can be gathered from a variety of sources such as cell phones, hard drives, CDs, digital cameras, electronic files such as JPEGs, and emails. In their raw format, these data are binary files (sequences of 0s and 1s) commonly represented in hexadecimal (hex) notation.

Digital forensic practitioners need to acquire an in-depth understanding of the structure of hex files, since these files may contain hidden pieces of information needed to establish the truth in an investigation. However, interpreting binary files is a challenging task, since this format was designed to be machine-readable rather than human-readable. Although several tools for visualising hexadecimal files (hex viewers) are available on the market, they usually don't follow a didactic approach to visualisation, and they require considerable prior knowledge of binary file structures. Moreover, the visualisation tools used for training are often not open source.

The INSPECTr project aims to address this gap. The main objective of the project is to provide a shared intelligent platform, designed according to ethics and privacy principles and leveraging several high-tech approaches, to improve digital forensic capabilities and favour cross-border collaboration. To facilitate the EU-wide take-up of such new technologies, an important component of the project will be the creation of training materials to support the adoption of the INSPECTr platform.

The INSPECTr consortium will ensure compliance with the European General Data Protection Regulation (GDPR) and relevant implementations of the Policing Directive (Directive (EU) 2016/680) throughout all stages of development of the platform and related training material. The partners will also conduct a sociological examination of the main ethical, legal and social issues (ELSI), with a particular focus on the relation between law-enforcement powers and the gathering of digital evidence.

Codesigning the INSPECTr tools with the end-users

Trilateral contributes to the Law Enforcement Agencies (LEAs) capacity building programme by creating an innovative open-source tool for visualisation of electronic evidence. The tool will facilitate the management and enhance the understanding of a wide range of binary files commonly found in investigations, and will include a user interface through which trainees can explore the structure of a hex file. As part of the INSPECTr project, LEAs will pilot the visualisation tool and provide feedback on the content and the delivery methodology.

The INSPECTr electronic evidence visualisation library will bring improvements to the community of digital forensic learners and practitioners thanks to:

  • Its open-source approach, which will ensure sustainability over time by allowing contributors to include new binary file visualisations and improve different tool components.
  • Its harmonisation with the standardisation of evidence representation and exchange protocols that will be developed in INSPECTr, which shall favour synergies with other projects and tools.

Although the INSPECTr electronic visualisation tool will be developed within the LEA capacity building programme and will be tested in a training context, it will constitute a useful resource not only for trainees and trainers but also for LEA experts who need to find evidence in complex data structures and explain their findings to a non-technical audience.

For more information on this research area please contact our team.
