Dr Richard Overill, Senior Lecturer in the Department of Informatics, King's College London
Like much, perhaps most, of my life, it was purely serendipitous! I had finished the research for a PhD in computational quantum theory at the University of Leicester, and needed a job to support myself while I wrote up the thesis. I just happened to spot an advert for an Analyst-Programmer at King's College London in the trade press, applied and got the job. After a year the PhD was completed, but I was asked to stay on and contribute some teaching of programming and do some collaborative computational research. And when King's subsequently set up an academic Department of Computer Science (which has now become the Department of Informatics) it was the natural place for me to migrate to. Rather unenterprisingly, I've been here ever since!
How did you first become interested in cybercrime as a research topic?
The interdisciplinary nature of King's had a lot to do with this. King's set up an International Centre for Security Analysis within the Department of War Studies, and while their staff were very competent in the international relations, policy and strategy arena, they needed someone to assist them with the technical and tactical aspects of cyber warfare, cyber terrorism and cyber crime. I'd been lecturing to undergraduates on cyber security for a while so it wasn't difficult to make the transition. I still collaborate with colleagues in War Studies, although I have since opened up a fruitful collaboration in quantifying the results of digital forensic investigations with colleagues at the University of Hong Kong.
Your paper “The ‘Inverse CSI Effect’: Further Evidence from E-Crime Data” (PDF here) has recently been published in the International Journal of Electronic Security and Digital Forensics. Could you give us a brief overview of the topic, and your main findings?
I'm an inveterate watcher of all three CSI threads and also of NCIS, where a lot of conventional and digital forensics is shown, albeit 'sexed-up' for TV dramatic effect so that incontrovertible evidence is always recovered in double-quick time. This has been blamed for 'the CSI Effect' where US jurors in particular now expect to be presented with evidence like this because they believe what they have seen on TV. And it occurred to me to wonder, if jurors are influenced in this way, how about intending criminals, and in particular cyber criminals? If you're a cyber criminal and you see those 'super-cyber-sleuths' on CSI and NCIS, how will this modify your behaviour? I suggest that you'll either give up cyber crime as being too risky, or you'll attempt to go 'under the radar' by reverting to petty cyber crime, or you'll 'up your game' to stay one step ahead of the 'super cyber sleuths'.
It's this last option that I've termed 'the Inverse CSI Effect' because a natural consequence of it is that you'll have to invest up-front in the latest technologies and skill sets, and this is going to cost you a lot. In order for your business model to be viable you'll need to recoup your up-front investment by planning bigger cyber heists, which in turn will require an infrastructure of hired technical, social and financial skill sets to support it. This would lead to the development of what we term Serious Organised Cyber Crime (SOCC) which would show itself through a trend over time towards the occurrence of fewer, larger and more sophisticated cyber crimes. But is there any evidence for this? It appears that there is: since CSI was first aired, the US Computer Security Institute's annual surveys of the numbers of reported incidences of cyber crimes has decreased, while the average value of the cyber heists has increased (after correcting for US$ inflation), just as predicted.
You point out that it’s harder for organised criminal groups to monopolise cybercrime than it is for those same groups offline. Why is this? Is it a bad thing?
Simply put, in the physical world organised crime can control territory and everyone who lives in or moves through it. In the virtual world there's no direct analogy with the idea of territory. If I'm a newbie cyber criminal I can just set myself up in cyber space and operate from there, and perhaps the worst that can happen to my business is that my competitors can try to deface my website, or to DDoS it, or spam my inbox. But these are generally no more than annoyances in my business process. The anti-monopolistic tendencies of cyber space promote competition amongst cyber criminals as they do amongst any other types of business. My feeling is that on balance this is a good thing since cyber criminals will spend time competing with each other, which implies that they are likely to spend less time on cyber criminal activities!
You give talks to schools and professional groups about different areas of cybercrime – could you tell us a bit more about that, and the reactions you typically receive? Are people surprised to learn that digital forensics isn’t entirely what they’d expect from TV?
Young people and also adults who are not technically cyber savvy are probably not too critically aware and discriminating about what they see of digital forensics on TV. Law enforcement, and cyber security professionals of course react differently. The problem for (intending) cyber criminals is this: they don't know for certain just how much of what they see on TV is dramatic licence and how much is plausible, and they need to 'play safe' or risk getting caught - after all, the recent revelations about PRISM and Tempora have surprised quite a few people as to the current technical capabilities of certain government agencies.
What advice would you give to members of the public who want to learn more about cybercrime and have an understanding beyond what they see on TV?
One worthwhile possibility is to sit in the public gallery of a Crown Court when the prosecution presents its evidence during a fraud trial. I've done this myself and emerged much enlightened.
How do you think we as forensics professionals can help to improve public awareness about cybercrime?
This isn't straightforward, because if you overcook it people get paranoid, and if you undercook it people ignore you! One way I've found that seems to work is to use actual cases presented as human interest stories; that way you keep people's attention and they may be able to place themselves in the situation you're describing.
I understand that you’re a longboarder – cool! How did you get into that and what’s your favourite longboarding spot?
My elder son took up skateboarding and is very creative at it; for me longboarding was a way to share in his interest without getting myself too badly injured! I like carving my way around the parks of Brentwood, Billericay and Basildon in Essex. And when the weather isn't nice enough for longboarding, there's always my martial arts!
Further details about Richard, including contact information, can be found here.