A Valiant Warrior on the Data Battlefield

Chen Yan Jing Ran

Instructions， images， and data flash up on multiple digital dashboards. A uniformed police officers is at his desk， staring at the information flitting across the screens. With occasional click of his mouse and the stroke of his keyboard， his expression alternates between thrill and disappointment.

He had been seated in that position for over an hour， with only his hands and eyeballs moving. Though bearing a look of calmness， his brain had been filled with a surge of information from which he was striving to find valuable clues to the case. This requires not only professional skills and sharp eyes， but also inexhaustible patience to wade through the vast ocean of information.

"Eureka，" he let out a small shriek， cutting through the serenity of the lab. He finally identified vital information that could serve as a critical clue to a fraud case.

The officer's name is Li Guo， a member of the Digital Forensic Research Lab of the Public Security Bureau in Hechuan District， Chongqing. He was born in the 1980s and has been doing this job for 13 years. He was recently granted the 2023 National May Day Labor Medal.

A Warrior of Information Warfare

Computers had been running for hours in the lab and their temperaturesrose above 60-degrees Celsius—too hot to touch with bare hands. Amidst the heat， an information war， smokeless but fierce， was underway.

Ten minutes， half an hour， one hour – time flowed silently amid the tranquility of the lab， where only mouse clicks and keystrokes were audible. These are like the swords and spears clanging on the battlefield. "Eureka！" Li jumped to his feet， cheering for his success in detecting important information.

Li has short hair， a round face， and wears glasses—he looks like a typical science nerd. However， his sturdy physique and suntanned skin distinguish him from a frail scholar. He is a man of both the pen and the sword. At work， he usually sits in front of the computer for the whole day like an unwavering black iron tower. During exercise， he removes his glasses and becomes a human dynamo， prompting an easy association with a soldier charging forward on the battlefield. "Wearing a mustache and taking off his glasses， he looks much more like ‘Zhang Fei'， one of the fierce generals in the Three Kingdoms period in ancient China，" one of his colleagues joked. Li responded with a simple grin， making him all the more like Zhang Fei.

"A strong body is a good asset， as a weak one could hardly stand the strenuous work，" he says with a wide smile on his round face. But once he gets on duty， he immediately turns serious and keeps a poker face.

Counterfeit medical mask scams erupted in early 2020 when the Covid-19 pandemic broke out. The police force of Hechuan District took action to crack a fraud of this kind. The suspect had falsely claimed that he had masks in stock and put them on sale online for 2-4yuan a piece. In a dozen days， he swindled consumers out of over 1 million yuan.

With the suspect arrested， the top priority was to identify the victims. However， the illegal money was so huge that even the suspect could not figure out how many people he had cheated. This tough nut was handed over to Li.

"This is hard-earned money from the victims. They must be anxious. ，" he recalled and threw himself into the lab immediately.

On the workbench were the suspect's three mobile phones. Unfortunately， the suspect had deleted all data from the phones， posing a new challenge for evidence collection and further investigations. Li tried everything for two days and nights， and finally recovered the fraud information from the phones. The transaction history here covered showed a total cash flow of over 13 million yuan， through 17，834 transactions for 3，361 buyers. After scrutinizingthe figures and chat history， he identified over 80 victims across the country， and returned the money to its original owners.

"Data Doesn't Lie"

Li is now deputy chief of the Forensic Science and TechnologyBrigade of the Criminal Police Branch under the Public Security Bureau of Hechuan District， Chongqing.Ranked as a "national young talent" in this field， he is a member of the Electronic Forensic Science and Technology Committee under the Forensic Science Association of China， and one of Chongqing's first batch of city-level instructors in digital forensics.

In 2010， Li joined the police force in Hechuan District after graduating as a bachelor in computer science. In October 2016， the Public Security Bureau of HechuanDistrict established a digital forensic research lab. Since then， he has been working in electronic forensics. Now a "top gun"of the lab.

Unlike criminal police officers， who attend crime scenes personally and use their criminal investigation techniques to collect fingerprints and marks as physical evidence， Li assesses digital evidence. The electronic lab is his battlefield， where he fights against a vast ocean of information.

"An electronic device may know a person better than his or her family. We discover vital clues or crime history from those devices，" he says. He can retrieve data in the lab from a wiped computer， smashed hard disc， acid- or water-soaked chip， or even a broken mobile phone. From that data he gets important information to form a complete chain of evidence.

The development of mobile internet technology enables electronic data to become a new key form of evidence. "People lie， but electronic data does not， "Li believes.

Electronic evidence does not lie， but electronic products change very fast， making new methods of crime available. In response， Li has kept learning and creating new approaches to inspections.

On one occasion， more than 500 documents were piled up neatly on Li's workbench for urgent verification. They were related to atelecom fraud casethat the police force had cracked， involving over 100 suspects and over 200 crime-committing devices including mobile phones.

Early investigations reveals that the fraud ring was so cunning and well-organized that there was a potential risk of collusion in confession. One minute late could incur a greater loss. But where should the investigation start in such a tight timeframe？" some wondered.

Li ignored the doubters and stepped into the lab to immerse himself in the case. Two days later， he had a set of visual analysis models to screen and verify the documents， images， data stored in the mobile phones by category. With this technology， Li and his team completed the verification of 500-plus documents in less than one month， accurately and completely extracting the crime-related data， unpicking the complex web of the scam， and clarifying the structure of the ring. This provided a useful clue for deeper investigation into the case. Previously， without this supporting technology， verification of these documents would take one year to complete.

Up to now， the lab has been helpful in a wide range of cases including homicide， rape， sexual harassment， telecom fraud， theft， and drug trafficking. The lab has become one of the backbones for various police forces. Meanwhile， the lab has also received requests for verification from other institutions like the procuratorate of Hechuan District.

In 2022，the lab was entrusted to help deal with over 800 cases and verify about 1，400 documents， ranking first in both respects among all labs of its kind in the city.

Li has a hectic job in digital forensics – he spends over 10 hours every day in the office， operating several computers alone and performing lots of repetitive tasks. Eye drops are one of the most important supplies on his desk. When asked what is most essential in his profession， he briefly thought about it and uttered one word： meticulousness.

One must be meticulous when it comes to testing and verification. For example， in the face of a huge number of digital devices and a tremendous amount of information， it's quite a challenge for Li and his team to identify what is valuable data. "Any carelessness could cause you to miss out on critical leads，" he says.

Li is even meticulous before receiving documents to be verified. In 2019， a young man committed suicide， and the death note found on the scene appeared to explain the reason. Li did not buy it， though. "Is losing money gambling the real cause of his suicide？" he pondered. Despite some difficulties， Li succeeded in hacking intothe relevant apps on the man's mobile phone， and the truth began to surface.

It turned out that， after gambling his money away， the young man attempted to get a loan for his family online before taking his own life. He never received the loan， but got trapped in a loan fraud scheme and was cheated out of over 100，000 yuan. That was the last straw. Following up on this clue， the task force identified an overseas fraud group and arrested more than 20 suspects.

Being meticulous also means showing adaptability on the scene. In some cases， in order to prevent the destruction of digital forensics by the criminal suspect， Li would attend arrests in person to secure evidence.

A few years ago， Li was involved in investigating a fraud case in which the police force broke up a money-laundering ring engaged in cyber scams. During the operation， one suspect was caught， but Li noticed his eyes were full of fear and a hidden desire to say something. Li chatted with the suspect： "You must have invested a lot of money yourself， right？"， asked Li. The suspect nodded and disclosed that there was over 1 million yuan frozen in his account. "Call the top-level members of the ring overseas and make them drop their guard， get them to send as much money over to you as you can. This will be good for you." These simple words were like a wake-up call for the suspect， who did as Li suggested. Finally， the police cracked the entire money laundering network.

"Meticulousness is not an inconsistent state but a norm！" Li says that he is meticulous on duty at all times and places. Oftentimes， a single detail could be the key to solving a case.

How to make meticulousness a norm？ Li's answer is simple： "This job requires me to be meticulous. It's not a matter of capability or willingness but a must. And I must be as meticulous as I can！"

Working Hard and Smart

The rapid evolution of electronic devices spurs the development of a massive number of apps. Officers must constantly upgrade their testing technologies and learn about new technologies to keep up.

Li is often spotted studying and researching in the lab afterworking hours. According to him， digital forensics requires hard work and a flexible mindset. He is devoted to delving into digital forensics， and was even the lead editor of "Android Forensic Techniques， "a book he compiled in collaboration with many experts at home and abroad. This book with 30，000-plus Chinese characters took Li over one year to complete and has become an important textbook in the Android forensics field.

In 2020， he headed a provincial-level research project called "The Fast Forensics Acquisition and Analysis System"， which clinched third prize in the Chongqing Policing Reform and Innovation Contest. In the same year， he filed two national invention patents during his research.

Since Li joined the police force in 2010， he has been honored with four medals of merit and one praise for his personal feats. In 2021， he won first prize in the individual category in the Chongqing Forensic Technologies and Skills Contest. Thanks to his rich practical experience and technological prowess， he was named one of China's 9th batch of national young talents in forensic science and technology; and he delivered a keynote speech at the 10th annual meeting of the Asian Forensic Sciences Network （AFSN）.

During the 2021 and 2022 Chongqing Forensic Technologies and Skills Contests， he topped the individual category and earned first prize in the group class. He also had excellent performances in the 2021 and 2022 National Forensic Technologies and Skills Contests – winning third prize in the group class in 2021 and claiming the first spot in the individual category and first prize in the group class in 2022

（Translated by Zhang Yanzhou）