The code seemed unbreakable to the experts at the Hellenic Police’s (ELAS) Digital Forensics Department dealing with a computer that had been seized during an investigation into a music teacher accused of sexual harassment by a pupil. The suspect had given them phony passwords and none of their usual decryption techniques was working.
But then they spotted something odd in the data, an unusual sequence of 32 characters that were repeated again and again. A forensic investigator with knowledge of music realized that they represented notes from Beethoven’s “Ode to Joy,” the fourth movement of the composer’s Ninth Symphony. That knowledge became the key to cracking the suspect’s encryption code and unlocking a large part of his files, exposing his online activities.
“Every interaction on our computer, cellphone or in physical space leaves a trace. Our job is to identify and isolate this trace, glean the information we need from it and come to a conclusion that will help solve a case,” Alexandros Vassilaras, the head of the Digital Forensics Department, a branch of the Forensic Science Division (FSD), told Kathimerini.
For FSD director Dr Penelope Maniati, digital forensics “is the third revolution” in applied criminology after fingerprints and DNA. “It has already yielded key evidence and, in the future, thanks to the technology being developed, it will play an even bigger role,” she said of the evolving science.
ELAS’ Digital Forensics Department rose to public prominence earlier this year in connection with a cellphone and a smartwatch that helped crack the case of Caroline Crouch, the 20-year-old British-Greek mother murdered in her home on the outskirts of Athens in May by her husband who only confessed to the crime in June after being faced with a preponderance of incriminating evidence. Kathimerini visited the department’s lab and observed its experts at work.
The Digital Forensics Department became an independent branch of the FSD in 2012 after having previously come under the jurisdiction of the forgery department. It is staffed by 37 individuals, 30 of whom are experts with backgrounds in information technology and/or digital criminology. The department handles around 1,000 cases a year, on average, with the most common items coming under investigation being cellphones. In around 10% of burglary and robbery cases, the perpetrators have dropped a cellphone while fleeing the crime scene.
On the day of our visit, one investigator was photographing incoming evidence, another was examining the course of a seized drone on its GPS, a third was analyzing the data from a smartwatch and a fourth was trying to clean a cellphone that a suspect has thrown into the sea.
In another office, an investigator looking into an intellectual rights case was using an algorithm to sift through tens of thousands of results, and, in the basement storage area, stacks of metal shelves held plastic boxes containing evidence bags, each of which was assigned with its own individual barcode and logged into the central system, which keeps track of the chain of custody.
Vassilaras explained that the investigators are briefed on the essential parameters of every case and must work out a profile of the main suspect or suspects so that they can pinpoint what might be an important piece of evidence in a large volume of data and information. He mentioned the increasing storage capabilities of cellphones. “Especially when it comes to so-called ‘white-collar’ or financial crimes, we have to examine thousands of pieces of evidence. We had one case where the data exceeded 1.5 petabytes,” he said, referring to a volume of data 1,000 times greater than a terabyte. The average for any handler is usually around 10 terabytes, he explained.
“There are certain artificial intelligence algorithms that help us extract the information faster, but you still need the human factor to determine whether the result is in fact correct,” noted Vassilaras.
The time it takes to extract a nugget of information depends on the nature of the case, the volume of evidence and any hurdles the investigators may come across, like encryption techniques. “Anything that locks can be unlocked. But how long it takes is the question,” he said, referring to child pornography cases where the networks are often technologically sophisticated.
One such case remains etched in Vassilaras’ memory. The lab had been examining the digital devices of a computer technician working in downtown Athens when, among other evidence related to the initial case, they also stumbled upon some 115 files containing the personal data of customers who had taken their computers into his shop for repairs. It was a typical example of an investigation into one crime that yields evidence of another.
Vassilaras explained that the way evidence is examined is a painstaking process designed to safeguard the integrity of the information and ensure that a second investigator (a technical consultant, for example) will come to the same conclusions.
“The FSD provides a scientifically and technologically substantiated expert opinion that is considered evidence of significant value. How this information is used is of course up to the judicial authorities, but they still have to provide a convincing argument if they choose not to use it,” explained Maniati. “It is evidence that will be contained in the case file until the very end of the judicial process.”
Laptop and desktop computers, USB sticks and other mobile storage devices and DVDs are the most common items to land on investigators’ desks at the Digital Forensics Department. Every so often, they may need to examine a gaming console used, for example, by a sexual predator to approach children, or a drone such as one that was used for surveilling crucial infrastructure. The lab has also examined several smartwatches since they’ve been around, but they have never proved as crucial as they did in the Caroline Crouch murder investigation.
According to information that has already been made public, the smartwatch, which belonged to Crouch, kept a record of her heartbeat on the night of the murder and has provided valuable clues into the actual timeline leading to her death. A cellphone was also found at the scene, belonging to Crouch’s husband, Haralambos (Babis) Anagnostopoulos, who later confessed to the killing. It had a step tracker that provided evidence of his movements inside the house and between its two floors. It also showed activity during the period that he claimed to have been passed out in his initial story of Crouch being killed in a violent burglary, during which he was tied up and unable to help. It was this and other compelling evidence that eventually led to Anagnostopoulos’ arrest and his subsequent confession.
“Life is becoming increasingly digital and modern cars will be computers in their own right,” said Vassilaras. “A car, a smart home will, eventually, be able to yield crucial data.”