Researchers in the University of New Haven’s Cyber Forensics Research and Education Group developed a tool that helped police reconstruct hidden files, leading to additional charges.
The Glastonbury Police Department faced a roadblock. They were trying to build a case against a suspected voyeur, but they were unable to access files they believed were hidden on the suspect’s cell phone.
Glastonbury Sgt. Corey Davis had been trying for months to access files he was pretty sure were hidden on a phone that was seized from the suspect. Davis, one of the founders of the Connecticut Center for Digital Investigations, was on campus for a tour of the University of New Haven’s Cyber Forensics Research and Education Group’s laboratory last month when he mentioned the case to Ibrahim Baggili, Elder Family Endowed Chair and the group’s founder.
Baggili explained that the group had been working on developing tools and techniques for reconstructing and decrypting data stored by Vault applications, and he offered the lab’s services to help.
Within a week, Xiaolu Zhang, a post-doctoral research fellow in the University’s cyber forensics think tank, designed a special program for Davis to reconstruct the hidden files on the Samsung Galaxy 6 Edge. That enabled the police to pursue additional charges against the suspect.
“None of the mobile forensic tools on the market are capable of reconstructing or decrypting this data,” Baggili said.
The help from the University of New Haven researchers led to the recovery of 66 new media files on the phone, including 18 useable ones in the Glastonbury case and 38 videos of use to police in other jurisdictions.
“All together, 42 new victims were revealed in these recovered videos,” Davis said. “The Cyber Forensics Group’s research has allowed us to demonstrate the full scope of this suspect’s actions and will have a direct impact on the outcome of the case.”
Davis said the suspect was ultimately arrested on 12 felony counts of voyeurism.
The group’s research will be submitted to a peer-reviewed publication, and more tools are being developed to reconstruct or decrypt data that being stored by 18 different Vault applications on Android phones.