Dashley Van Schijndel of BDO

The problem with digital forensics: Dashley van Schijndel of BDO testifies in Hodlonaut Norway trial

YouTube video

Did Dr. Craig S. Wright deliberately manipulate documents to prove he was Bitcoin creator “Satoshi Nakamoto“? Despite hours of testimony from digital forensics experts in the recent “Hodlonaut” trial between Wright and Norwegian Marcus Granath—and despite what you might read on social media—the exact answer to that question remains unclear but there is no evidence to suggest he did. The longest explanation of the points and techniques used to analyze the material came from BDO Norge manager Dashley van Schijndel.

Schijndel has a Master’s in Computer Forensics and Electronic Discovery from the University of Glasgow and worked with Dutch law enforcement for eight years as part of the National Crime Unit. He worked as a specialist on its computer forensics and cybersecurity team and also performed research at the University of Oslo.

Background and KPMG’s findings

This trial and last year’s Kleiman v Wright case spent a long time focusing on whether specific documents turned over in discovery—contracts, emails, and software source code files—were genuine or had been forged/tampered with. Dr. Wright’s side contends that some of the documents are genuine and show evidence of his work on Bitcoin before its release, either by their creation dates or implied by the document contents. His defense acknowledged that its clear other documents could have been altered by unknown parties, the documents in question have not had clean custody so their provenance is suspect. His opponents counter that someone has altered these documents in more recent times to bolster Wright’s claims.

To make this case, Granath’s attorneys Advokatfirmaet Simonsen Vogt Wiik (SVW) requested audit firm KPMG perform a series of forensic analyses on the documents. This involved: a close look at each document’s metadata showing creation and modification dates as well as authors; analysis of the software versions used to create and modify them (including fonts these packages used); and whether there were signs that the same or any third-party software had been used to alter specific sections of each one.

KPMG produced an 81-page report (with an additional 246-page appendix that included the documents in question) with their findings. Its summary noted that KPMG had found various inconsistencies in the metadata of files containing written information, such as missing data, fonts copyrighted and software versions from dates later than the document’s creation date, and long total editing times. For source code files, KPMG reported they could not verify whether they were created before their public releases and they could not determine who altered them.

“KPMG considers it likely that several of the files in the data material have been changed so that they appear to have been created earlier than they actually are,” the report concluded.

The testimonies from Schijndel of BDO Norge and Klaudia Sokolowska of CYFOR serve as a counter-point to KPMG’s findings. While Schijndel says he does not doubt KPMG and its employees’ integrity and found their report to be thorough, there were several points where his team could not replicate KPMG’s test results and others where claims of “manipulation” may have other explanations.

The judge reminded Schijndel that this is a civil case, not a criminal one, meaning decisions are based on the balance of probabilities rather than the stricter “beyond reasonable doubt.” He noted that his team endeavored to replicate results by producing environments similar to those in which the documents were created, sometimes by using much older versions of software.

Schijndel said that although many of KPMG’s findings were valid, there were cases where signs of inconsistency (in particular, the total editing times of certain documents) could possibly be due to differences in the ways software versions counted times and whether operating systems themselves kept the editing clock running at times when a computer was in sleep mode. He noticed that even different versions of Windows (e.g., XP, Vista) produced different results.

Another key point of difference between KPMG’s report and those questioning it was a copy of the original Bitcoin white paper from 2008. All analysts performed an MD5 hash of the file to ensure it was identical to the ones others had used. However, both BDO and CYFOR testified that the hash of the files they downloaded were different from the ones KPMG had. This doesn’t indicate document manipulation, but instead calls into question whether KPMG’s analysis was done correctly in each instance.

While the issue of altered documents (either deliberately or through natural processes) has played a large part in opponents’ cases against Dr. Wright, testimonies in this trial suggested they are not definitive in proving either side’s case. For one, the documents are now quite old in technology years. Many pre-date Bitcoin’s creation, some are scans of handwritten notes, and others are PDF copies of emails rather than the original email message files.

Ironically, the inconclusivity of the document forensic evidence indicates the legal world requires a more consistent and auditable way to confirm digital truths—a global ledger, or blockchain, for example. A ledger such as Bitcoin would record a clear timestamp of all digital events and files, guaranteeing their veracity (as documents) and instantly showing where any alterations had been made or by whom. No matter which side you ultimately believe in these court trials, they show how useful a scalable Bitcoin network could be in an increasingly digital society.

Watch Granath vs Wright Satoshi Norway Trial Coverage Livestream Recaps on the CoinGeek YouTube channel.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.