Extremely exciting job: closing gaps in cyber forensics and supporting authorities in active investigations

© Volker Lannert
In July 2018, Martin Lambertz and his colleague Jan-Niclas Hilgert won the prize for the best scientific paper at the Digital Forensic Research Workshop USA (DFRWS), one of the world's leading conferences for digital forensics, for the second time in a row.
Every two years the Fraunhofer FKIE organizes a technology forum on the Wachtberg campus, where the institute's latest research findings are presented to an exclusively invited group of expert visitors. At the last edition, in August 2018, Martin Lambertz and Jan-Niclas Hilgert presented their network data analysis tool »pcapFS«.

Martin, why do you like working at the Fraunhofer FKIE?

ML: Mainly because of the pleasant working environment and the nice colleagues. The climate is great, and we also do a lot together outside of work. From the technical perspective, however, FKIE does not do research for the sake of doing research, but for solutions to concrete problems. Afterwards, you can see that your work actually made an impact and has made contributions elsewhere. That's motivating.

What is your work like in the Cyber Analysis & Defense department? The name of the department alone sounds very exciting.

ML: In our department we are working to close gaps in cyber forensics and security and make it more accessible to investigators. To some extent, we also support security authorities in active investigations. That's always very exciting.

But what does that kind of support look like?

ML: The authorities approach us when they don’t have the capacity or appropriately trained personnel for certain forensic tasks in house. On the one hand, these are rather short-term and very specific tasks, like analyzing a hard disk or a particular application. On the other hand, we also support the authorities in longer-term investigations. This includes tasks like developing new tools and methods. From time to time, cases come along which the authorities would have to abandon had it not been for our support. That's especially motivating.

And you even support international investigations to some extent?

ML: Yes, for example in breaking up »Avalanche.« The botnet infrastructure has infected hundreds of thousands of personal and business PCs and mobile devices worldwide with malware. FKIE was heavily involved in the technical part of the investigation. At the end of 2016, there was a coordinated worldwide intervention between security authorities. Arrests were made in several countries simultaneously, and the network was dismantled.

So, you work at FKIE mainly for the exciting assignments?

ML: Yes, that and because here you also have the opportunity to do your own research. Of course, it should fit into the context of the institute and its orientation. But that's actually always the case. Most people who start here do so because they find this environment highly interesting and exciting. As long as our project work doesn't suffer, we have quite a free hand here. And it is not uncommon for side projects to also produce things that are later funded.

Your department is closely linked to Informatik IV at the University of Bonn. How's that going exactly?

ML: We give lectures and seminars and support bachelor and master students with their final theses. That's how I got to the institute here. About once a week, students come to us and we discuss the content and progress of their work.

Do you assign topics for their papers or can students come to you with their own ideas?

ML: It can go either way. Students can submit their own topics - this shows that they already have a certain personal interest in the subject matter - or we can suggest topics. These tend to be issues of interest to the institute and our own research. If theses and collaboration go well, graduates often stand a good chance of being taken on as research assistants. So, they move directly into a permanent position and we have new employees who are already familiar with our research topics: a win-win situation.