Secure AI analysis of digital criminal case files for criminal defense

Executive Summary

Digital investigation has become largely automated. Digital case files are voluminous, technically complex, and often compiled using advanced analysis tools. The defense is increasingly confronted with technical evidence that is practically unverifiable without specialized infrastructure.

CyberSecurity AD (CSAD) develops and manages shielded technical infrastructure for controlled analysis of digital criminal case files, with AI deployment under full control of the defense.

The infrastructure:

• does not create evidence;
• does not perform legal assessment;
• does not engage in investigation;
• and has no access to case data.

CSAD exclusively provides technical analysis infrastructure that is forensically reproducible, legally verifiable, and configured confidentially, in accordance with applicable law, Dutch Bar Association (NOvA) standards, and the upcoming Cybersecurity Act (NIS2).

1. The Problem

1.1 Digital inequality in the criminal justice chain

In criminal cases, digital evidence has structurally shifted from human analysis to automated processing:

• telecom data
• device extractions
• server logs
• chat datasets (e.g. EncroChat, Sky ECC)
• metadata analyses

These datasets are often generated, filtered, and summarized by investigative software that is neither transparent nor reproducible for the defense.

The defense must legally challenge these outcomes but rarely has access to:

• comparable technical analysis capacity;
• controllable processing chains;
• reproducible analysis environments.

1.2 The absence of legally safe AI infrastructure

Public AI models and cloud solutions are incompatible with:

• attorney-client privilege;
• confidentiality;
• traceability;
• and legal verification.

What is missing is neutral technical infrastructure, explicitly designed for use by criminal defense lawyers.

2. What CyberSecurity AD is (and is not)

2.1 What CSAD is

CyberSecurity AD develops and manages:

• shielded technical infrastructure;
• for controlled analysis of digital criminal case files;
• with deployment of specialized AI models;
• in a fixed, reproducible analysis chain.

2.2 What CSAD is not

CSAD:

• does not assess case files;
• does not interpret evidence;
• does not draw conclusions;
• does not conduct investigation;
• and has no access to submitted data.

All legal interpretation and strategic deployment remain exclusively with the defense.

3. Legal positioning: technical verifiability

3.1 Legally verifiable ≠ legal judgment

Within CSAD, "legally verifiable" means:

technically controllable by defense and court, without evaluation of evidence or legal qualification.

The infrastructure is designed to:

• make assumptions visible;
• allow methodology to be controlled;
• ensure traceability;
• enable reproducibility.

Not to claim truth.

4. Architecture: separated, shielded, controllable

The CSAD infrastructure consists of two strictly separated components:

4.1 CSAD application (user side)

• locally installed (desktop or mobile);
• isolated work environment per case;
• user selects dataset and analysis frameworks;
• no automatic connections;
• no hidden processing.

4.2 CSAD server environment (processing side)

• fully shielded;
• no cloud;
• no public internet;
• no data access;
• fixed AI chain per analysis.

5. Secure data transfer

Data transfer occurs exclusively via:

• end-to-end encryption;
• cryptographic verification (SHA-512);
• authenticated connections;
• temporary sessions.

CyberSecurity AD is technically unable to access case file contents.

6. The AI analysis chain (server-side)

Processing consists of a fixed, sequential chain of four specialized AI models.

7. Feedback & reporting

The user receives:

• a technical report;
• full traceability of analysis steps;
• verification data for reproducibility.

The report remains local with the user.

8. Confidentiality & compliance

CSAD ensures:

• no data sharing;
• isolated processing per case;
• no reuse;
• complete deletion capability.

The infrastructure aligns with:

• applicable law;
• cybersecurity best practices;
• NIS2 (Cybersecurity Act 2026);
• Dutch Bar Association (NOvA) standards.

9. Why CyberSecurity AD exists

CyberSecurity AD was not born from market positioning, but from technical necessity:

Digital evidence requires technical controllability to enable legal verification.

10. Founder & technical foundation

P.W. Oldenburger
Cum laude graduate in Cybersecurity (GPA 8.02), with focus on:

• digital forensics;
• reproducibility;
• legally verifiable systems.

The founder's role is limited to:

• design;
• technical architecture;
• infrastructure management.

No substantive role in individual analyses.

11. Launch strategy: pre-seed & pilot

11.1 Phase 1 — Pilot customers (defense lawyers)

• limited number of criminal defense firms;
• controlled deployment;
• feedback on usability and legal integration;
• no scale ambition in this phase.

11.2 Phase 2 — Pre-seed funding

Goal:

• further hardening of infrastructure;
• certification and compliance documentation;
• limited team expansion (infrastructure / security).

11.3 Phase 3 — Controlled scaling

• expansion within Dutch criminal defense practice;
• maintaining closed, defensive positioning;
• no public AI models.