Martin S Olivier

Research interests

Forensic science is the use of science in the quest for justice – in particular in the legal context. The moniker ‘science’ is imbued with notions of truth not present in notions such as expert – even though many legal systems do not explicitly differentiate between forensic and expert witnesses. Truth derives from epistemology; forensic science requires epistemological reflection.

My research agenda for the next few years will still be derived from a quest for justice. In a paper presented at the IFIP WG 11.9 meeting I use an argument (derived from one formulated by Calude and Longo) that uses Ramsey Theory to show that spurious correlations have to occur in big data; deep leaning is bound to find such correlations and be presented as truth. However, this is a resurgence of the age-old debate of deductive versus inductive knowledge – often paraphrased as the ‘law’ that correlation cannot prove causation. However, we live in an era where the (false) epistemological belief is that correlation is sufficient to obviate (deductive) theory.

I am no longer convinced that the ‘space’ from which truth is required is sufficient to define the discipline. Cyberspace is as poor a delimiter for a forensic discipline as the ‘natural world’ would be. In forensic disciplines the nature of questions the discipline can answer is clearly defined. The report on Strengthening Forensic Science in the United States: A Path Forward published by the US National Academy of Sciences in 2009 is colloquially known as the NAS Report. This report describes an early form of digital forensics (which was a new field in 2009 when the report was published). The report states “The goal of most of [digital forensic] examinations is to find files with probative information and to discover information about when and how these files came to be on the computer” (p.181). This depiction is clearly outdated, but a better answer has not yet been provided. And the question about the accuracy or reliability of such an ill-defined process cannot be determined. The NAS Report further states (p.181) that “some agencies still treat the examination of digital evidence as an investigative rather than a forensic activity” as one of the “holdover challenges” that remain in digital forensics. This claim is still true today, with digital forensics remaining a field where researchers and law enforcement alike occupy themselves with (criminal) investigations rather than (forensic) examinations. Is it possible that, as long as the discipline is defined in terms of a ‘space’, it is natural for researchers to want to investigate matters in that ‘space’ because cyberspace is too broad to derive methods for forensic examination that can be answered with a common understanding of certainty?

I posit that we need to consider subfields, where the questions are clearer and we have a better basis to reflect on the reliability of truth claims made. One example is to think about a subfield such as ‘questioned digital documents’. The implied question is clear: Is a digital document authentic. [Reflection raises many questions about the meaning of authenticity here, but available space precludes discussion here.] For such a question, the question about reliability of truth claims becomes more tractable. One of the challenges for digital forensic scientists is that the question is no longer purely in the domain of cyberspace, but the knowledge of ‘traditional’ questioned document examiners become relevant. I have taken the first steps to exploring the viability of a more internally fragmented, but externally integrated approach. In 2019 I presented a course (which had to be exploratory in nature) on questioned digital documents, which helped me and my students to determine an initial map of such a domain. In 2019 I also submitted a presentation to the AAFS on questioned digital documents, which was accepted for presentation in 2020. In order to facilitate dialogue, I submitted it to the Questioned Documents section of the AAFS, rather than my ‘home’ section (Digital and Multimedia Evidence).

There are many other opportunities to reconsider the application domain. Digital ballistics is an example that has already received some attention, albeit with a somewhat different definition from what I would propose. Compromised computing devices has much to learn from medico-legal examinations. Digital toolmark analysis exhibits notions that are present in physical toolmark analysis (with Locard’s principle featuring prominently). These are not necessarily new ideas – most, if not all of them, has seen some research. However, the challenge that I want to engage with is to consider the epistemology – and by implication – reliability of truth claims in such a more fragmented, but simultaneously more integrated approach to forensic science.

For more information on any of the above see my list of publications. The publications are in reverse chronological order; see those at the top for the most recent information. A list of postgraduate students under my supervision is also available.


[Home] [Research] [Publications] [Courses] [M & D] [Resume] [Contact]
Page maintained by Martin Olivier
Last update: 1 March 2021