Kim, you're currently studying at the University of South Wales. Tell us about your course and what you're learning.
I am currently studying an MSc in Computer System Security; however, I have just completed an MSc in Forensic Audit and Accounting. My current course concentrates on several different aspects of Information Security. Both the practical application of network and systems security as well as security at a strategic level. It is accredited by the Tiger Scheme, and is a mix of lectures, self-study and practical.
What was it that first sparked your interest in digital forensics?
In my studies in Forensic Audit and Accounting I completed a module in Computer Forensics and Crime Investigation.As soon as the lectures started, I was captivated by the subject, its combination of computing (I have 25 years’ experience as a software developer), puzzle solving and analytical process was just something that my brain was very happy to work in. I was getting satisfaction from the subject and had my interest increased through conversation with my senior lecturer Gareth Davies, who also pushed my understanding and skill levels past what I thought that I was able to do.
You've recently done some research on the feasibility of creating a standardised digital forensic model – what made you choose this topic?
The subject of standards was brought up by Gareth in lectures and my initial research indicated that the area was a little uncontrolled. I come from the software developer side of the industry and I could see similarities in the development stage and know the benefits that standardisation has in the real world of IT. I thought that it was an area of weakness and could see that there was a potential to make a huge impact on the judicial system worldwide.
As an individual I thought that my investment of time could produce a workable solution which has the potential to drastically increase the admissibility of digital evidence in the world judicial system which can lead to a higher conviction rate. This is urgent because of the ever-increasing amount of digital evidence that can be gathered in any type of crime. It is very difficult not to leave a digital fingerprint somewhere.
Can you tell us about your research methodology?
The main research method has been investigating current literature on the subject, this was not just simply an exercise to compare and contrast ideas and models as previous research has followed, but to start from the perspective of what makes digital evidence admissible. This in turn provided a lot of raw information on processes and standards.
I supported this with a questionnaire, and its emphasis was on understanding why evidence is inadmissible, and concentrating on if methods or standards were being followed. The research method was only selected to perform initial test of whether a global standard was feasible, not is it wanted.
An outcome of my research was that it is common thinking that a standard is necessary to provide digital forensics with a scientific foundation, supported by quality management systems.
What results are you seeing from your research so far?
The results have been very positive, the industry acknowledges that a standard is necessary at this point in the development of digital forensics as a science. Also, the results to date show that the majority of organisations do follow a standard either internal or external, and that codes of practise such as the ACPO code are well known throughout the industry.
In your opinion, what are some of the challenges around standardisation, and how might they be addressed?
Currently there is an opportunity for a standard, however, there is weakness in the sharing of information. There are a lot of excellent practitioners who are achieving consistency but this is not being shared amongst other experts. Although a standard is required the industry leaders need to have a paradigm shift and take a leap of faith by collaborating and co-operating with each other on the world scene. Without this shift no matter how much effort, cajoling and controlling happens, a standard will not be produced or followed.
Current standards are too diverse and were developed from the old adage “let’s see what we have and develop it a bit further to improve it”. I believe this is the wrong approach and that a backward chaining approach would produce a standard that is fit for purpose.
What's next for you? What do you have planned for the future?
I plan to complete my current Masters and to progress the research in this area a little further. My expectation is to progress onto a PhD, dependent on my funding options, and to then spend my time on a full-time basis on this subject matter. I hope to be able to develop a world forum for experts to share information and to develop the key principles and ideals for a standard to be implemented that is global.
Finally, when you're not studying, what do you enjoy doing in your spare time?
When I am not studying, I have many hobbies. I like to keep fit and walk my two Staffordshire bull terriers every day. I like to read and complete crosswords and puzzles. The main hobby I have is that I am an adult volunteer in the Army Cadet Force where I hold a commission. I am responsible for running a Corps of Drums and I regularly play alongside my cadets. I am also learning to play a musical instrument, a soprano saxophone which I have just taken a Grade 1 Theory examination in. I enjoy motorcycling and cycling.