Daniel Spiekermann
Daniel Spiekermann has more than 20 years of experience in communications technology and worked for many years as a forensic scientist for various law enforcement agencies, focusing on computer and network forensics. After completing his doctorate at the FernUniversität in Hagen in 2019, he began working as a professor of digital forensics at the Lower Saxony Police Academy in 2020. Since 2023, he has been teaching as a professor of distributed systems at the Dortmund University of Applied Sciences and Arts, conducting research on virtual networks and digital forensics.
Session
You’ve wiretapped a suspect’s internet connection. You have the entire packet capture — but not a single clue about what’s relevant, or even what you’re trying to find.
In this session, we walk through a real-life criminal investigation involving the forensic analysis of a standard residential internet connection. The task: uncover evidence of illegal online activity, without prior knowledge of the services used, IP addresses involved, or even the nature of the communication.
Using only Wireshark and patience, the investigator faced hundreds of thousands of packets, countless domains, and protocols ranging from common to obscure. There were no predefined indicators of suspicious communication — just raw traffic and a hunch that something was hidden within.
This talk will demonstrate how targeted filtering, temporal analysis, and a dose of good old-fashioned intuition led to the successful identification of suspicious communication. Starting with nothing but a massive stream of packet