At DFRWS-USA this year, a keynote talk delivered by David Cowen, Managing Director at KPMG, highlighted what he called “a world of opportunities” for research in new — and yet undiscovered — categories of digital forensics.
DevOps, cloud forensics, and ephemeral containers and data are just a few of the areas ripe for study — even as instructors and professors work to stay abreast of emerging technology and trends.
This is no small task, and increasingly, forensic professionals are recognizing the need for students to have a foundation in forensic basics long before they ever join an undergraduate program.
The answer: middle and high school camps, clubs, and classes, which offer a blend of hands-on experience and instruction from practitioners. We’re highlighting four of these:
- The Cyber Sleuth Science Lab
- CyberTech Girls and GenCyber camps
- SANS Cyber Camp
- The Computer Science Club at New Jersey’s Middlesex County Academy (MCA) for Science, Mathematics and Engineering Technologies
Education and immersion for the next generation of forensicators
Two conference presentations over the summer described how early immersion could help fill an occupational gap and improve diversity in cyber.
Daryl Pfeif, Founder and CEO of Digital Forensics Solutions, spoke also at DFRWS-US about the Cyber Sleuth Science Lab (CSSL) she founded in 2016. The following month, Tobi West, a professor at Coastline College in Garden Grove (California), spoke at the annual High Tech Crime Investigation Association (HTCIA) conference about an initiative she founded, CyberTech
Girls, and the camps she’s hosted for the National Science Foundation- and National Security Agency-funded GenCyber.
The events’ first goal is to help youth understand potential education and career pathways. “[High school] students are aware of hackers or heard of cybersecurity, but they don’t have a good understanding of the whole world of jobs [in the sector],” Pfeif explained. “Why wait to get students interested in college? For some that will be too late.”
West added that the one-day CyberTech Girls events address the “pivotal moment” in middle school when girls tend to form their career interests. That, she said, is a matter of making sure they’re aware of different types of careers and where they might fit.
The GenCyber events consist of week-long camps that are more immersive, allowing adult mentors more time to talk to girls about activities and career potential — not just the “hoodie hacker,” said West, but the variety of opportunities that are available to the girls.
For example, an upcoming event, planned for July 2021, will focus on careers in the U.S. Federal Bureau of Investigation (FBI), bringing students to the Orange County Regional Computer Forensics Laboratory (RCFL) so students can get a sense for what it’s like.
These kinds of programs, Pfeif and West hope, will improve the ratio of women and others from groups who are underrepresented in cyber — those who, both founders stressed, could be self-selecting out of the field either because it isn’t diverse, or because they think it’s limited to coding.
That was apparent in Pfeif’s home city, New Orleans, which she said doesn’t have a significant tech community. “We needed to bolster not only a diverse workforce, but also more diversity in jobs,” said Pfeif, adding that the same holds true in many communities in the United States. “A career in DFIR has the potential to fuel systemic change and a chance to escape multi-generational poverty.”
It starts by teaching digital forensic science in a virtual learning environment, a format that was valuable even before the pandemic: its flexibility allows for the CSSL to be delivered in a number of formats. “Summer camps, intensives, in class, after school: any way you could bring Cyber Sleuth to youth near you, we’re on board,” Pfeif said.
A virtual toolkit includes digital forensic tools and scenario datasets, while a virtual lab incorporates age-appropriate, life-relevant investigative missions. This way, the students can step through the forensic process and learn fundamental concepts in forensic science.
The immersive experience further teaches students the process of scientific inquiry through concepts and skills in technology, engineering, mathematics, and computer science. However, the CSSL isn’t just about the “cool” aspects of digital forensics. It also teaches students skills they may not have considered, such as report writing, ethics, and mock trial testimony.
“We have all the students write forensic reports,” said Pfeif. “They take detailed notes, calculate hash values of all objects, and report their notes back.” This fits high school well, she added, because it brings home the value of communication. “If you can’t present findings in a concise, interesting way, the value of your work isn’t as clear,” she explained.
At the middle school level, said West, age-appropriate activities are equal to information in importance. For the girls at her events, hands-on activities include making binary bracelets, a cabling workshop, and desktop computer assembly/disassembly. However, CyberTech Girls also includes a mock crime scene that includes both physical and digital evidence to process.
Students aren’t the only demographic who can benefit from this type of education. West spoke about CyberTech Girls’ virtual teacher camp, where government officials speak to teachers of biology, psychology, and related subjects about cybersecurity for their disciplines — additional pathways for students.
“Cybersecurity skills are valuable to everyone and transfer to other domains,” said Pfeif in her presentation. “Students need a better understanding of how what we do underpins every other business sector.”
The SANS Cyber Camp
August saw the inaugural SANS Cyber Camp, a two-day event that organizer Lee Whitfield says started with an off-the-cuff question from his wife’s friend: could her teenage son take Whitfield’s SANS FOR500 Windows Forensic Analysis class?
“He has a real interest in digital forensics and computer security,” Whitfield said, “so they were looking for something for him to do over the summer.” It was then that Whitfield’s wife, Alisha, came up with the idea for a summer camp.
The camp took just about two months to put together. “I barely needed time to consider the idea before I started making plans,” Whitfield said. But he soon came to a realization. “[W]hile the idea was sound, we knew that this would be difficult for [his firm, 337 Forensics] to set up on our own.”
Whitfield approached Rob Lee, Chief Curriculum Director and Faculty Lead at the SANS Institute. “He loved it and got SANS to back it,” Whitfield said. “Without the partnership no single entity would have done this on its own.”
In part, that was because of the short period of time the team had to work with. “In less than two months we managed to put together several sessions that covered a wealth of topic areas, set up a [Capture the Flag], and get over 5000 registrants,” Whitfield said.
Of course, turning such a sizable event around in such a short period of time wasn’t without its challenges. “All of the stars [had] to align perfectly,” said Whitfield. “We needed speakers, a schedule, communications, marketing, and other non-speaker related items all to be as close to perfect as possible.”
The SANS team stepped up to the task. “I don’t know if anyone else could have done such an exceptional job as the group of people that were helping out,” Whitfield said. Even so, scheduling conflicts necessitated some changes.
But the event was a smashing success. “At its peak I think we had something like 2400 people on a single session,” Whitfield said. “I’ve seen some feedback about Heather [Mahalik] and Lodrina [Cherne]’s sessions specifically that made me smile, and [SANS certified instructor] Jeff McJunkin … has so much energy and excitement that he pulls you in and makes you excited about things just because of his personality.”
Another challenge: the “sheer number of questions,” said Whitfield. “I think we answered something like 3000 questions over the two days. I could hardly pay attention to any of the talks because I was hands-on-keyboard most of the time.”
In addition, attendees from outside the United States — with representation from all other populated continents — requested scheduling that would enable them to attend future camps more easily.
All are issues under consideration as the next camp approaches in December. “This first run was to see if this was possible and whether it would be well received,” Whitfield said. “Now that we know both of those are true, there’ll be more.” As well, he added: “We’ll learn and grow and get better at this based on how this one went.”
Teen-created, court-approved: the Frame Rate Authentication Tool (FRAT)
Another type of immersive experience — designing and building a prototype solution — turned out to be an unexpected opportunity for students in the Computer Science Club at the Middlesex County Academy for Science, Mathematics, and Engineering Technologies (MCA for SMET).
About three years ago, New Jersey-based video forensic examiner Brandon Epstein needed to calculate a vehicle’s speed in recorded video. “A lot of it has to do with the elapsed time, which is tricky to understand accurately based upon the way CCTV video is recorded,” he said.
Sent a “very crude schematic” by an acquaintance in the United Kingdom, but lacking electrical engineering expertise, Epstein approached the local community college for help. “They actually put me in touch with the high tech high school on the community college campus,” he recalled.
The MCA is a “magnet” school that draws students whom its principal, John Jeffries, calls “the best and the brightest in the county.” Selected based on a rigorous placement testing and interview process, the students come from a range of socioeconomic strata as well as ethnic and cultural backgrounds. Middlesex County sits between New York City and Philadelphia, so while some students’ parents are engineers and attorneys, Jeffries said, others come from lower income areas — but all are highly focused.
It was the kind of dedication Epstein’s project needed, and the MCA put him in touch with Enzo Paterno, the school’s engineering instructor and Computer Science Club faculty advisor. An engineer by trade, Paterno had used his 25 years of engineering experience with companies like AT&T and Lucent Technologies to design the MCA’s engineering curriculum and lab environment from scratch.
In existence for nine years, the Computer Science Club gives students the chance to apply the technical knowledge they acquire in class to new technical skills — “…to design, implement, and troubleshoot a product throughout the development cycle,” said Paterno.
When Epstein first brought the Frame Rate Authentication Tool (FRAT) schematic to the club, a team of six students tackled the project. “The team met on an average of twice per week after school from 3:30 PM to 5:00 PM during the Computer Science club meetings,” said Paterno, who attended all meetings as team advisor.
Before any design planning could begin, though, the team needed to assess Epstein’s circuit schematic for its functional validity. The process took a few weeks, and ultimately, the students advised Epstein that the schematic wouldn’t work. “Some of the schematic wiring connections were not correct,” Paterno explained. In addition: “The original schematic called for various voltage sources but did not provide any circuit design.”
The students, however, had ideas on how to resolve the problems. Along with other technology changes, Paterno said, “[They] designed the power distribution circuit to supply the required 3.3 volts, 5 volts, and 6 volts from scratch.”
In much the same way that digital forensic examiners test new methods, the students then built a working breadboard model to ensure the design would function. “[This] provided validation and the go-ahead to proceed,” said Paterno.
The team identified a leader — who was responsible for communicating with Epstein — and a documentation scribe. Then they distributed circuit design, implementation, testing, and construction tasks among the team. Together, the students collaborated in circuit debugging, mechanical mountings, and documentation — the FRAT’s schematics, layouts, and mechanical drawings.
From there, the process was more collaborative between the team and Epstein, who attended meetings to answer questions, be updated on progress, and provide feedback on issues like the positioning of the FRAT’s 30 Light Emitting Diodes (LEDs), physical dimensions, and desired look, all of which could impact design for both the faceplate and the two vector board circuits. Then, the students tested the FRAT prototype before releasing it to Epstein.
The entire project took nearly two years to complete: one school year, said Paterno, from conception to realization of a vector board prototype model, then a second year to complete a second version of a Printed Circuit (PC) model.
The production model was supposed to be completed during the 2019-20 school year, said Epstein, but the COVID-19 pandemic response derailed that. Even so, he added, “I still have the prototype and have used it in a few cases, including a fatal accident in Colorado that I helped out on that went to a Daubert [admissibility] hearing.”
The FRAT didn’t end there, though. It won third place in the 2019 STEAM Tank Challenge, a competition run by the New Jersey School Board Association (NJSBA) and the U.S. Army.
Paterno, holder of three of his own patents, additionally encouraged his students to look into obtaining a provisional patent for the FRAT. For $150 (not the thousands of dollars a real, 20-year patent would cost), the provisional patent protects the idea for one year.
The entire experience enabled the students not just to put their technical prowess to work, but also to build their soft skills: “Responsibilities, commitment, research, collaboration, team work, communication within the team, leadership roles, and managing a project from its conception to realization,” Paterno explained.
How, where, and when can you get involved?
As these stories demonstrate, there’s no shortage of demand for experience with digital forensics, even at the high school level. Multiple opportunities exist not just with these initiatives, but also ones like Spark Mindset and the Rocket Girls Cyber Camp — as well as organizations that may be local to you, as Epstein learned.
“There are many gifted high school students in the USA that want to learn and are very good kids,” said Paterno. “Unfortunately, in the crazy times we live in, the good in people (students and law enforcement) is not reported enough as there is always emphasis on the negative. Having more collaboration between the younger generation (high school students) and law enforcement is a great community service vehicle to make this country a better country.”
Mentors and role models
Pfeif and West both reflected the broad need for role models. Pfeif seeks coaches or trainers closer to students’ ages, while West needs mentors who are willing either to present at the events and webinars, or guide students from workshop to workshop.
West said additionally because students can be “challenged” with getting into college, mentors are needed to help them figure out how to get degrees. For instance, she said, part of the CyberTech Girls programming is to talk to students about College Promise. Another part is to talk about different paths to a four-year degree and a career.
The SANS Cyber Camp, said Whitfield, ended up with more volunteer speakers than they could slot. “We [gave them] less than two months (or even just a few days in one case) to come up with a great presentation that’ll be both entertaining and educational to younger people looking to get into the field or expand their knowledge and yet no-one said no, no-one even batted an eyelid, it was just, ‘I want to help, tell me what to do.’”
Paterno says mentoring highly motivated students can come with its own demands.“One critic might ascertain that my job is easier because I deal with students who want to learn and thus, I do not need to worry about class management,” he said. “Not quite true, as I do have the challenge to always stay ahead of these students (in terms of knowledge and especially the latest state of the art technologies).”
However, he added, students respect teachers who maintain required knowledge, passion for the content, and regard for their role in preparing the students for college and the workforce.
Councils, boards, and steering
The CSSL, CyberTech Girls, and GenCyber events need advisory councils or boards to help shape and develop curriculum, and to help deliver the programs in other communities. For example, said Pfeif, pilot site partners helped get CSSL curriculum to several cities — New Orleans (Louisiana), Baltimore (Maryland), Everett (Washington state), and Las Vegas (Nevada). Las Vegas is the largest event to date, with more than 350 high school students immersed in DFIR.
Sponsorships
Both monetary and in-kind sponsorship is valuable to these groups, which seek to defray costs associated with meals, t-shirts, materials, etc. To companies, partnering can be part of corporate social responsibility programs — and could help them identify future employees.
For the CSSL, funding from the National Science Foundation comes alongside partners in both the commercial and nonprofit sectors, including vendors such as MSAB and Magnet Forensics and organizations such as New Orleans’ Core Element, the Washington Network for Innovative Careers (WANIC), and Baltimore’s Code in the Schools, as well as the National Girls Collaborative.
For the FRAT prototype, local companies were instrumental to the project’s success. Omega Circuits & Engineering, a manufacturer located near the Academy in New Brunswick, donated two printed circuit boards — together worth $1500 — after hearing about the project. “They wanted to reward this positive community collaboration,” Paterno explained.
Additionally, the father of the FRAT team leader, a patent attorney, “was kind enough to guide his son in the paperwork necessary to get the provisional patent,” said Paterno. “The Academy paid the $150 for the patent.”
Rethinking the future
“I don’t know if this event changed anyone’s attitude or helped to shape future careers but I really hope so,” said Whitfield. “Even if it didn’t, I know we’ve at least got through to some of the audience in terms of how to better arm themselves with knowledge.”
It’s an example, he added, of how digital forensics professionals can come together for an important cause. “Talk is cheap and our children learn more from our examples than they do from our words,” he said. “I hope that anyone that reads this will take the opportunity to set that example and show the upcoming generation of hackers and forensicators in doing good.”
