John H. Riley, Bloomsburg University of Pennsylvania

John, can you tell us something about your background and why you decided to teach digital forensics?

First, thanks for the opportunity to discuss our program. We’re really proud of what we’ve accomplished here and believe we’re contributing to the digital forensics community. I started as a mathematician (Ph.D., University of Connecticut, 1980) and then began to teach computer science as well as mathematics in the 1980s. I wrote two programming textbooks (Pascal, for the old timers). About six or seven years ago, my department was investigating majors that would be good for students. We decided upon computer forensics. It is an interesting, useful field of study that has worked really well for us and our students.On the intellectual side, I find the whole issue of what information can be found and how it can be used to build a story quite fascinating. “Story” here means a narrative that shows what happened, in a rigorous sense (a la a mathematician’s proof). As a professor, it’s really fun to work with digital forensics students. Our curriculum has a lot of hands on work so we see our students really digging into things. The ultimate reward is seeing them graduate and begin work. I must note that I’ve had really great colleagues, particularly Scott Inch, to work with. I also am grateful to the larger forensics community for their help.

What digital forensic courses are currently offered by Bloomsburg University?

Introduction to Digital Forensics, File Systems 1 and 2, Digital Forensics Software, Advanced Topics in Digital Forensics, Small Devices Forensics, UNIX/Linux for Digital Forensics.

Tell us more about course structure and content. What core knowledge and key skills should students gain by the end of their studies?


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The first five courses listed above (along with some computer science and other courses) form the backbone of our major. They cover the artifacts that can be found on a computer (and how they come to be), how the artifacts can be extracted in a forensically sound manner and how they can be linked together and presented or reported. As an example, students know why a deleted file may or may not be able to be recovered, how to use a tool like EnCase or FTK (or even a hex editor) to recover it, how it might be related to a link file or a registry entry, how to ensure its integrity after extraction using a hash function and how to include it in a report. We stress the importance of knowing how the computer is organizing files and generating artifacts so that what a tool produces is understood. Our graduates are prepared to defend their results. We also put this work in context. It’s not just finding a deleted file, it’s finding evidence which may change a person’s life. So beyond knowledge and skills, we foster a sense of responsibility and integrity.

Please describe the facilities available to digital forensics students at Bloomsburg University.

We have a classroom/lab with 25 machines each with EnCase, FTK and X-Ways. Of course, we also take advantage of free tools. It’s a very powerful teaching environment. As soon as we discuss something, we can look at an example. This room is used for classes around 30 hours a week. At all other times it is open to digital forensics students (and no other students). There’s an exterior door which their IDs will open, so they literally can get in to work at 1AM (which does happen). In addition we have a research lab for advanced students working on projects. It has several computers with the appropriate software along with imaging hardware and write blockers. It also has a large variety of cell phone acquisition software and hardware, up to and including a Faraday box. It has large collections of hard disks and cell phones (many different models and manufacturers) available for research.

What is the most challenging aspect of teaching digital forensics?

There are two that stand out. Keeping up to date is an enormous hurdle (no surprise to the forensic community). Every new device, storage medium, operating system, etc. poses several questions. What are its implications for forensics? Is it a core concern, something every forensics person should know about? If it’s important, how do we put it into the curriculum? While I enjoy working on these problems, they are extremely time consuming. It’s very hard to devise examples, exercises and labs for courses. A real constraint is the time students have to work on them. Particularly for beginning courses, there’s very little room for ambiguity. At the same time, making an exercise realistic is important. For example, what’s a good lab for string searching?

The graduate employment market continues to be highly competitive. What advice would you give to final year digital forensics students to help them stand out from the crowd?

Our graduates with a 3.0 or better average have been fairly successful in getting employment, so the first and really important advice I give is when they start as freshmen: keep the grades up. There are several things that students can do toward the end of college to have a bragging point. The obvious one is an internship during the summer before the senior year. Doing a project or research leading to a publication or presentation is good. Students shouldn’t limit themselves. One of my advisees has been studying Arabic and is spending the summer in the Mideast to learn that culture and immerse himself in the language. Another one of my advisees ran seriously for the state house of representatives. Both bring something special to the table. It’s probably more important to have a bragging point than to have a particular bragging point.

When you're not teaching, how do you relax and unwind?

I’m a serious distance runner. Most mornings I get a ten mile run in. In road races, I usually place in my age group. I’m also a little bit of a musician. I ring in a hand bell choir and attempt to play the piano.

Read more about Bloomsburg University's digital forensics program here. John H. Riley can be contacted by email at [email protected].

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...