Mensen laten in het dagelijks leven steeds meer digitale sporen achter in computers, tablets en smartphones die waardevol kunnen zijn voor de opsporing en voor de bewijsvoering in strafzaken. Naast sporen die we bewust achterlaten, zoals berichten, foto’s en video’s, laten onze handelingen ook allerlei sporen na waarvan we ons veelal niet bewust zijn. Tezamen bieden al deze sporen een kijkje in het dagelijks activiteitenpatroon van een gebruiker. Het digitaal forensisch onderzoek dat zich hierop richt, wordt aangeduid als pattern-of-life forensics. Dit onderzoek is een waardevolle aanvulling voor het toetsen en opstellen van scenario’s, maar tegelijkertijd is het ook een complex onderzoeksgebied vanwege de snelle ontwikkelingen in hardware en software.In dit artikel geven we een aantal voorbeelden van pattern-of-life forensics aan de hand van rechterlijke uitspraken, experimenten die zijn uitgevoerd met smartphones en onderzoek dat is gepubliceerd in de literatuur. In het bijzonder hebben we ons daarbij gericht op het aantonen of een handeling met voorbedachte raad is verricht, op het aantonen van eigenaarschap van een smartphone en op de betrouwbaarheid van digitale sporen als die worden betwist. Juist het dagelijkse patroon van activiteiten dat door middel van pattern-of-life forensics wordt vastgesteld, kan bij uitstek vergeleken worden met observaties uit andere bronnen zoals beveiligingscamera’s, andere inbeslaggenomen bewijsstukken en/of getuigenverklaringen.
MULTIFILE
This article deals with automatic object recognition. The goal is that in a certain grey-level image, possibly containing many objects, a certain object can be recognized and localized, based upon its shape. The assumption is that this shape has no special characteristics on which a dedicated recognition algorithm can be based (e.g. if we know that the object is circular, we could use a Hough transform or if we know that it is the only object with grey level 90, we can simply use thresholding). Our starting point is an object with a random shape. The image in which the object is searched is called the Search Image. A well known technique for this is Template Matching, which is described first.
DOCUMENT
In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
DOCUMENT
Due to societal developments, like the introduction of the ‘civil society’, policy stimulating longer living at home and the separation of housing and care, the housing situation of older citizens is a relevant and pressing issue for housing-, governance- and care organizations. The current situation of living with care already benefits from technological advancement. The wide application of technology especially in care homes brings the emergence of a new source of information that becomes invaluable in order to understand how the smart urban environment affects the health of older people. The goal of this proposal is to develop an approach for designing smart neighborhoods, in order to assist and engage older adults living there. This approach will be applied to a neighborhood in Aalst-Waalre which will be developed into a living lab. The research will involve: (1) Insight into social-spatial factors underlying a smart neighborhood; (2) Identifying governance and organizational context; (3) Identifying needs and preferences of the (future) inhabitant; (4) Matching needs & preferences to potential socio-techno-spatial solutions. A mixed methods approach fusing quantitative and qualitative methods towards understanding the impacts of smart environment will be investigated. After 12 months, employing several concepts of urban computing, such as pattern recognition and predictive modelling , using the focus groups from the different organizations as well as primary end-users, and exploring how physiological data can be embedded in data-driven strategies for the enhancement of active ageing in this neighborhood will result in design solutions and strategies for a more care-friendly neighborhood.
Design, Design Thinking, and Co-design have gained global recognition as powerful approaches for innovation and transformation. These methodologies foster stakeholder engagement, empathy, and collective sense-making, and are increasingly applied to tackle complex societal and institutional challenges. However, despite their collaborative potential, many initiatives encounter resistance, participation fatigue, or only result in superficial change. A key reason lies in the overlooked undercurrent—the hidden systemic dynamics that shape transitions. This one-year exploratory research project, initiated by the Expertise Network Systemic Co-design (ESC), aims to make systemic work accessible to creative professionals and companies working in social and transition design. It focuses on the development of a Toolkit for Systemic Work, enabling professionals to recognize underlying patterns, power structures, and behavioral dynamics that can block or accelerate innovation. The research builds on the shared learning agenda of the ESC network, which brings together universities of applied sciences, design practitioners, and organizations such as the Design Thinkers Group, Mindpact, and Vonken van Vernieuwing. By integrating systemic insights—drawing from fields like systemic therapy, constellation work, and behavioral sciences—into co-design practices, the project strengthens the capacity to not only design solutions but also navigate the forces that shape sustainable change. The central research question is: How can we make systemic work accessible to creative professionals, to support its application in social and transition design? Through the development and testing of practical tools and methods, this project bridges the gap between academic insights and the concrete needs of practitioners. It contributes to the professionalization of design for social innovation by embedding systemic awareness and collective learning into design processes, offering a foundation for deeper impact in societal transitions.
The project aim is to improve collusion resistance of real-world content delivery systems. The research will address the following topics: • Dynamic tracing. Improve the Laarhoven et al. dynamic tracing constructions [1,2] [A11,A19]. Modify the tally based decoder [A1,A3] to make use of dynamic side information. • Defense against multi-channel attacks. Colluders can easily spread the usage of their content access keys over multiple channels, thus making tracing more difficult. These attack scenarios have hardly been studied. Our aim is to reach the same level of understanding as in the single-channel case, i.e. to know the location of the saddlepoint and to derive good accusation scores. Preferably we want to tackle multi-channel dynamic tracing. • Watermarking layer. The watermarking layer (how to embed secret information into content) and the coding layer (what symbols to embed) are mostly treated independently. By using soft decoding techniques and exploiting the “nuts and bolts” of the embedding technique as an extra engineering degree of freedom, one should be able to improve collusion resistance. • Machine Learning. Finding a score function against unknown attacks is difficult. For non-binary decisions there exists no optimal procedure like Neyman-Pearson scoring. We want to investigate if machine learning can yield a reliable way to classify users as attacker or innocent. • Attacker cost/benefit analysis. For the various use cases (static versus dynamic, single-channel versus multi-channel) we will devise economic models and use these to determine the range of operational parameters where the attackers have a financial benefit. For the first three topics we have a fairly accurate idea how they can be achieved, based on work done in the CREST project, which was headed by the main applicant. Neural Networks (NNs) have enjoyed great success in recognizing patterns, particularly Convolutional NNs in image recognition. Recurrent NNs ("LSTM networks") are successfully applied in translation tasks. We plan to combine these two approaches, inspired by traditional score functions, to study whether they can lead to improved tracing. An often-overlooked reality is that large-scale piracy runs as a for-profit business. Thus countermeasures need not be perfect, as long as they increase the attack cost enough to make piracy unattractive. In the field of collusion resistance, this cost analysis has never been performed yet; even a simple model will be valuable to understand which countermeasures are effective.
