Researchers in the University of New Haven’s Cyber Forensics Research and Education Group developed a
tool that helped police reconstruct hidden files, leading to additional charges.
The Glastonbury Police Department faced a roadblock. They were trying to build a case
against a suspected voyeur, but they were unable to access files they believed were
hidden on the suspect’s cell phone.
Glastonbury Sgt. Corey Davis had been trying for months to access files he was pretty
sure were hidden on a phone that was seized from the suspect. Davis, one of the founders
of the Connecticut Center for Digital Investigations, was on campus for a tour of
the University of New Haven’s Cyber Forensics Research and Education Group’s laboratory
last month when he mentioned the case to Ibrahim Baggili, Elder Family Endowed Chair
and the group’s founder.
Baggili explained that the group had been working on developing tools and techniques
for reconstructing and decrypting data stored by Vault applications, and he offered
the lab’s services to help.
Within a week, Xiaolu Zhang, a post-doctoral research fellow in the University’s cyber
forensics think tank, designed a special program for Davis to reconstruct the hidden
files on the Samsung Galaxy 6 Edge. That enabled the police to pursue additional charges
against the suspect.
None of the mobile forensic tools on the market are capable of reconstructing or decrypting
this data.
– Ibrahim Baggili
Case Closed
The help from the University of New Haven researchers led to the recovery of 66 new
media files on the phone, including 18 useable ones in the Glastonbury case and 38
videos of use to police in other jurisdictions.
"All together, 42 new victims were revealed in these recovered videos," Davis said.
"The Cyber Forensics Group’s research has allowed us to demonstrate the full scope
of this suspect’s actions and will have a direct impact on the outcome of the case."
Davis said the suspect was ultimately arrested on 12 felony counts of voyeurism.
The group’s research will be submitted to a peer-reviewed publication, and more tools
are being developed to reconstruct or decrypt data that being stored by 18 different
Vault applications on Android phones.