The four-year AFoLab project, led by Tom Rebok (head of our data analytics team), continues the long-term successful cooperation between ICS and the Police of the Czech Republic. The project focuses on automating complex and repetitive data-analytical activities of police investigators, who will thus be able to focus on more complex and advanced activities of crime investigations.
AFoLab is an abbreviation for the Automated Forensic digital data Laboratory for detecting complex criminal activity. As the name suggests, the project focuses on supporting the key stages of the digital forensic analysis process. Due to the growing amount and variety of captured and analyzed data, this is becoming more demanding for police investigators. The team of researchers, together with Tom Rebok, aims to create a prototype of an automated forensic laboratory that would help police crime investigators to minimize routine activities and enable them to focus on more complex tasks where their experience is irreplaceable.
We Are Building Situational Awareness Directly Inside the Analytical System
Digital criminology has always been a complex discipline requiring highly qualified IT experts, but there is usually a lack of them. Along with the constant increase in the volume of captured data, which needs to be effectively searched for indisputable proof or refutation of the investigated activity, the time and professional demands placed on crime investigators also increase. In addition, the entire investigation process is significantly complicated by the diversity of both data sources and, above all, the variety of captured data (file systems, communication and multimedia data, financial transactions, etc.). And it is the process of analyzing the captured contexts and collecting evidence that criminal investigators must deal with on a daily basis. If they did not, criminal acts could go unpunished. Appropriately applied IT technologies make the whole process easier and more efficient.
"The process of investigating criminal acts by analyzing digital data normally works in such a way that the criminalist obtains knowledge from a set of analyses carried out in various data-analytical systems, based on which s/he reveals mutual connections and builds a so-called situational awareness, captured by the external system and criminalist’s head. In addition to large data volumes, routinely repeating activities, and the constant need for new, more effective and robust analytical methods, the process is even more complicated because newly discovered knowledge may return the entire investigation to earlier stages. They can bring essential, temporarily unconfirmed, or unknown facts which need to be confirmed or refuted by previously implemented analyses. Moreover, the whole process is challenging to reproduce and puts a huge burden on the investigator, who has to keep many details of the individual phases of the investigation process in his head", explains Tom Rebok.
A New Era of Digital Forensics Analysis: A Laboratory That Helps to Detect Criminal Acts
The research team aims to create a prototype of a digital forensic laboratory that will facilitate the process of detecting and proving criminal acts using various techniques and modern IT technologies. The laboratory will provide a modularly expandable set of data-analytical techniques enabling unified analysis across data domains. It will automate the routine activities of investigators, support the building of situational awareness and structured knowledge directly inside the analytical system, and facilitate the subsequent reproducibility and "auditability" of the entire forensic process.
The investigators will rely on their own knowledge of IT systems forensic analysis, the communication infrastructures of Masaryk University and the CERIT-SC computer centre. Moreover, they count on the experience of earlier cooperation with police investigators. Such a laboratory will not only pre-process the available data using IT systems and electronic communications and conversations for criminologists but will also offer its initial analysis, enabling more effective direction of the next steps of the investigation.
A Unique Connection of IT and Forensic Experts
In addition to developing a prototype version of a secure analytical platform using modern Kubernetes and CEPH cloud technologies, the AFoLab project also aims for research publication outputs. Over its four years, it will also bring a set of applied data-analytical forensic methods, using, among other things, the principles of artificial intelligence, similarity and exact search, or GPU acceleration.
In addition to the ICS team (including security specialists from CSIRT-MU), experts from the Faculty of Informatics and police investigators in the role of consultants also participate in this project. Considering excellent previous experience, the project managers emphasize the involvement of students, who can thus merge their work on the project with bachelor's, diploma and doctoral theses or internships. At the end of the project, the prototype version of the developed platform will be put into operation in the Police of the Czech Republic infrastructure so that its applicability and benefits in real investigative practice can be verified. Therefore, the resulting laboratory has great potential to become a significant part of the practical investigative procedures of the Police of the Czech Republic.
"Our driving force is both new experience and research findings published in the scientific literature and applied in practice, as well as the effort to help our society. If our system helps by solving even a single criminal case that would otherwise go unpunished or, on the contrary, contributes to the clearing of a single falsely identified suspect who would otherwise face inconveniences related to police investigations, it was worth the enormous effort", adds Tom Rebok.
RNDr. Tomáš Rebok, Ph.D.
Head of the research group at the CERIT-SC center and deputy head of the IT Infrastructure Division of the Institute of Computer Science. He focuses on research in the field of Data Science, where he has successfully collaborated with institutions such as CzechGlobe (Global Change Research Institute of the Czech Academy of Sciences), the Police of the Czech Republic or the Institute of Physics of Materials of the Czech Academy of Sciences.