- A chat on forensic computing with Ranul Thantilage
In this ever-changing world in which we live, the way we commit crimes and leave behind trails of evidence is also ever-changing. We’ve all heard about cybercrimes; it’s fairly self-explanatory – a crime committed online, or in other words, in cyberspace. But what about those crimes that happen offline, where what happens online or on our computers play a part in figuring out what happened. Well, that’s where forensic computing comes in.
To learn more about forensic computing and how it works, Brunch chatted with Ranul Thantilage, a Sri Lankan with a vast amount of academic experience in forensic computing. Ranul has done several research submissions on leading international conferences, journals, and books – including IFIP International Conference on Digital Forensics, IEEE International Conference on Trust, Security and Privacy in Computing, Advances in Digital Forensics XVI and Elsevier Journal on Communications and Computer Methods and Programmes in Biomedicine. In addition, he has won several awards from the British Computer Society – The Chartered Institute for IT (Sri Lanka Section), Asia Pacific ICT Alliance, and e-Swabhimani. He is also the chairman of Crate Adventure (Pvt.) Ltd, which is South Asia’s first all-terrain-vehicle (ATV) adventure centre, namely Colombo Mountains located in Gampaha and Colombo Dunes located in Port City, Colombo.
His research lead Ranul to be invited to follow a PhD and take part in a research programme in Ireland, which is something he is currently working on. His current area of research is “big data analytics” and “privacy and security on clinical data warehousing”. He is working at the Insight Centre for Data Analytics in the University College Dublin on a project of the Eastern Corridor Medical Engineering Centre.
Defining forensic computing
Forensic computing aims to gather necessary information through a well-structured and proper investigation to find out what exactly took place on a specific computing device and to determine who was using the device.
As a prominent branch of the digital forensic sciences, forensic computing looks for evidence stored in computers, smartphones, tablets, and other digital storage media. The evidence unveiled by the forensic computing professionals can be referred to in court settings and can be used to provide necessary information to steer a case.
“Cybercrime investigation focuses more on criminal offences involving the online computing space,” Ranul explained when asked about what sets forensic computing apart from cybercrime investigation. “Forensic computing is more of an investigation to find evidence after a crime has occurred with any digital device. Just like forensics applies to a dead body, computers and digital devices too have a forensic side that is investigated by law enforcement to see how that crime happened using that digital device.”
Forensic computing can be done on any digital device. Ranul’s background in forensic computing is mainly research-based and his research has more to do with volatile memory forensics, social media, instant messaging, and e-dating forensics.
Becoming a forensic computing analyst
The road to studying forensic computing is an interesting one that Ranul has been on for the last six or seven years and began with him reading for a Bachelor’s Degree in Computer Networks and Security, before going on to pursue law enforcement restricted Masters in Forensic Computing and Cyber Crime Investigation, along with certifications in different forms of forensic computing and crime responses along the way.
This is not the end of Ranul’s academic journey though. He’s currently reading for his PhD. His current research focuses on clinical data privacy, “It has to do with data warehousing and data analytics and fixing privacy issues,” Ranul shared. “In our country, we don’t take privacy very seriously, but in Europe it’s a huge concern. What I’m trying to do is build a framework to analyse data in a secure way that respects privacy.”
Speaking about what got him interested in forensic computing, Ranul explained that he had an interest in computers and all things digital when growing up and found it fascinating – especially when seeing investigators who used technology to help solve cases. “Anything that relates to crime and investigation is forensic, and with technology, everything is a new opening – how one tracks a computer or commits a crime using a computer changes every day, hour by hour. That’s mainly why I’m in the field; because it’s always changing.”
Forensic computing and Sri Lanka
In the Sri Lankan context, we never hear of forensic computing being used very much, if at all. Of course, the police do things like going through people’s phones for evidence for an arrest. But beyond that, it’s not clear, or we simply do not hear of cases that use forensic computing.
Having consulted the Defence Ministry on forensic computing and cyber security prior to going on to do his doctorate, Ranul shared his perspective with us. “Digital devices update on a regular basis, hence forensic devices should support newer firmware, as data storage mechanisms and patterns change from version to version. We do investigations, but when it comes to the digital forensic side of data recovery mechanisms and such, it’s mainly beginner to intermediate level techniques. Devices for forensic computing are also quite costly, and sometimes we don’t have the resources to go into that level of data recovery and acquisition.”
A big misconception Ranul has seen when it comes to forensic computing – both in Sri Lanka and abroad – is the misconception that forensic computing and cybercrime investigation are the same thing. “Most people work towards cybercrime investigation and less in forensic, but they are two very different fields. Not everything to do with computers is cyber.”
A lot of Ranul’s current research, for example, has to do with e-dating, social media, and instant messaging applications, and seeing how much data you can apply from these platforms to form predictions and conclusions. “It’s interesting to see how much data you can get out of an e-dating app or any simple app. If you get something like an iPhone backup out of a computer, you can figure out who the phone’s owner was with and where, the locations of the people they were talking to, and in cases of kidnapping and child exploitation, things like this can help solve a case and save lives.”
Forensic computing and day-to-day privacy
With knowledge of what forensic computing entails, the question arises: how much should we worry about our data being accessible online? Clearly, in some cases, like if something were to happen to us, this data being accessible could help save our lives. But how vulnerable does sharing our data on these apps make us?
“Obviously, from a forensic computing perspective, the more data we have the better for us,” Ranul quipped. “But in terms of general use, it’s always good to allow access to only the information you think is needed essentially by the app. For example, why does a chat app need to know your location? Being careful is good, and you must be sure not to allow apps access to too much information. Most apps have settings where they can only access your location when you are actively using the app and not otherwise, but this option is not always easily displayed to users.”