Syed, you're a Senior Lecturer in Cyber Security and Forensics at Birmingham City University. Tell us a bit about your role: what does a typical day look like for you?
The role of a university academic has tremendously grown in recent years. We are now required to provide excellence in three areas: Teaching, research, and enterprise.
Teaching: I teach core courses of digital forensics in different programmes; keep a vigilant eye on the emerging challenges of cybercrime investigations so as to prepare my students to deal with these evolving scenarios; keep myself updated with the new technologies. This hands-on experience helps me deliver cutting-edge skills to our future Cyber Watchmen/women.
Research: I actively participate in both national and international research activities. These undertakings help us to be a part of the bigger picture for solving complex scientific challenges. Results of research projects provide a unique touch to the teaching as students benefit directly from the outcome of the real-life challenges.
Enterprise: I work with the companies to help them become innovative and more competitive by advising them for improved cyber analysis processes; and to enhance productivity by using domain-specific optimisation of cyber investigation technologies.
Besides these routine activities, I administer digital forensic modules, ensure our lab facilities are meeting the teaching requirements, and participate in various academic bodies of the university. In short, I find myself quite busy most of the time.
What digital forensics courses are currently offered at Birmingham City University?
Tell us more about the structure and content of the Cyber Security MSc. What core knowledge and key skills can students expect to gain from their studies?
This MSc Cyber Security programme is designed to meet the growing demand from global business and industry for robust cyber security systems. It provides required concepts and technical skills to implement, test and validate these concepts by using industry standard technologies.
The students are taught specialised modules such as Network Security, Ethical Hacking and Digital Forensics. They learn the core security concepts in the modules of Information Security, Engineering Secure Systems, and Information Risk Management. Students are given the appreciation of professional skills and research methods. They are also taught the security issues of emerging infrastructures such as Clouds. The students are also provided the opportunity to independently work on the complete lifecycle of a project over the summers. They are supervised by a staff member and may involve collaboration with some external organisation.
Further details of this course are available here.
Digital forensics is an increasingly popular career choice. Given the saturation of the market, what can students do to ensure they stand out to potential employers?
Interestingly, the digital forensics market is still in dire need of skilled manpower. Most of our students are employed during their placement year – i.e. a year earlier than finishing their studies!
Digital Forensic students need to have:
i. Core knowledge of the systems – As an example, to extract reliable and untampered timestamp from an electronic evidence, they need to know how different file systems work in the underlying operating system.
ii. Practical knowledge of the industry standard tools – To continue with the same example, students should be comfortable with a range of tools to extract timestamp from a range of devices/media (PCs, smartphones, servers, etc.)
iii. Critical mindset – They should be trained to assemble different parts of investigations jigsaw puzzle by using their core knowledge and technical experience. In the current example of timestamp extraction, students should be able to see the relevance of this finding in the big picture; and must be able to weave each itemised result in the global fabric of overall investigations.
The best opportunity for the students to showcase these skills is their final year projects where they have the opportunity to autonomously apply their acquired knowledge in a systematic way. Most of the time, potential employers judge their skills for a graduate position from their final year projects. They should be able to confidently answer questions about the various stages of their work, selection of technologies, use of search results, etc.
In your experience, what is the most challenging part of teaching digital forensics?
The most challenging part of teaching digital forensics in my opinion is the use of industry standard commercial tools in developing open flexible learning environments for digital forensic courses. Recently, I have spoken about this issue at the HEA-STEM 2016 Conference. Details can be found here.
Another challenging issue is to find teachers for the digital forensic courses. The scarcity of skilled digital forensic professionals is also hampering the higher education sector. Birmingham City University has announced multiple times since last year 2 lectureship positions in the area of Cyber Security and Digital Forensics. However, we are still unable to find suitable candidates. This situation also highlights the skills shortage in this specialised area.
You're also working on a project to improve digital forensics education through multidisciplinary cooperation. In your opinion, what is the biggest challenge in trying to increase cooperation between disciplines, and how can it be addressed?
Cybercrime investigations is a multidisciplinary domain where appreciation of several areas is already a well-established requirement. Often cybercrime investigators have some knowledge of different domains but they hardly weave them together in the fabric of investigations. For example, they are aware of the corresponding legislations; they have good appreciation of investigation practices; and they have technical and presentation skills as well. However, their knowledge of each of these domains is limited to the respective domain instead of having a global view of the landscape where these domains are harvested. We are developing real-life case studies to reflect the integration of the essential knowledge of these domains into digital forensic practice. We are also developing educational resources including multimedia ones to deliver the results of this multidisciplinary project to our students.
The biggest challenge in this quest is to have a set of comprehensive case studies that can provide a common platform for different disciplines where they can test and validate real-life scenarios. For example, acquiring data from a remote server for analysis with a legally sound chain of custody of digital evidence and overall protection of personal data stored on the server. In such a scenario each discipline has its own specific way forward. However, if we take a holistic view, then we can understand the need of a trade-off to adequately address the requirements of each discipline without compromising the fundamental requirements. Our way of bringing people from different backgrounds is to engage them in a “Sandbox” where each of them can contribute for the bigger picture of cybercrime investigations as this is our common interest to see end-to-end (and not point-to-point) validation of our respective work.
Standardisation is a hot topic in digital forensics. Do you think it is possible to standardise forensic tools and procedures, and how do you think we can work towards this?
We certainly need standard procedures to harmonise the investigation practice especially when investigators from different organisations/countries are involved in the same case. There are already some initiatives in this regard:
1. National Institute of Standards and Technology (NIST) has released some guidelines for digital forensics
2. International Organization for Standardization (ISO) has developed two standards that are drawing wider attention of the cyber investigation bodies.
These standards are:
a. ISO 17020: Conformity assessment – Requirements for the operation of various types of bodies performing inspection
b. ISO 17025: General requirements for the competence of testing and calibration laboratories
These ISO standards are somehow generic but if we start adhering to them and gradually adapt them for the digital forensic domain then we can have some more specific standards. In my personal opinion, instead of relying on standardisation bodies, we should exchange our experiences to evolve a set of common/best practices. These practices could eventually be transformed into guidelines/standards etc. The problem is that the job of digital forensic analysts is so hectic that we hardly get any time for dissemination. But we need to realise the importance of sharing experience as it is going to help us all by having better and efficient investigation processes.
Finally, when you're not teaching, what do you like to do in your spare time?
I like to explore nature whenever I get some opportunity. This is a natural stress therapy that helps me reboot myself after a hectic work routine.
Syed Naqvi teaches Cyber Security and Forensics at Birmingham City University. To find out more about available courses, visit the BCU website.