Syed Naqvi, Senior Lecturer in Cyber Security and Forensics, Birmingham City University

Syed, you're a Senior Lecturer in Cyber Security and Forensics at Birmingham City University. Tell us a bit about your role: what does a typical day look like for you?

The role of a university academic has tremendously grown in recent years. We are now required to provide excellence in three areas: Teaching, research, and enterprise.

Teaching: I teach core courses of digital forensics in different programmes; keep a vigilant eye on the emerging challenges of cybercrime investigations so as to prepare my students to deal with these evolving scenarios; keep myself updated with the new technologies. This hands-on experience helps me deliver cutting-edge skills to our future Cyber Watchmen/women.Research: I actively participate in both national and international research activities. These undertakings help us to be a part of the bigger picture for solving complex scientific challenges. Results of research projects provide a unique touch to the teaching as students benefit directly from the outcome of the real-life challenges.

Enterprise: I work with the companies to help them become innovative and more competitive by advising them for improved cyber analysis processes; and to enhance productivity by using domain-specific optimisation of cyber investigation technologies.
Besides these routine activities, I administer digital forensic modules, ensure our lab facilities are meeting the teaching requirements, and participate in various academic bodies of the university. In short, I find myself quite busy most of the time.

What digital forensics courses are currently offered at Birmingham City University?


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

We are currently offering BSc (Hons) Forensic Computing and MSc Cyber Security with a module of Digital Forensics. We also plan to start an MSc in Digital Forensics in the near future.

Tell us more about the structure and content of the Cyber Security MSc. What core knowledge and key skills can students expect to gain from their studies?

This MSc Cyber Security programme is designed to meet the growing demand from global business and industry for robust cyber security systems. It provides required concepts and technical skills to implement, test and validate these concepts by using industry standard technologies.

The students are taught specialised modules such as Network Security, Ethical Hacking and Digital Forensics. They learn the core security concepts in the modules of Information Security, Engineering Secure Systems, and Information Risk Management. Students are given the appreciation of professional skills and research methods. They are also taught the security issues of emerging infrastructures such as Clouds. The students are also provided the opportunity to independently work on the complete lifecycle of a project over the summers. They are supervised by a staff member and may involve collaboration with some external organisation.

Further details of this course are available here.

Digital forensics is an increasingly popular career choice. Given the saturation of the market, what can students do to ensure they stand out to potential employers?

Interestingly, the digital forensics market is still in dire need of skilled manpower. Most of our students are employed during their placement year – i.e. a year earlier than finishing their studies!

Digital Forensic students need to have:

i. Core knowledge of the systems – As an example, to extract reliable and untampered timestamp from an electronic evidence, they need to know how different file systems work in the underlying operating system.

ii. Practical knowledge of the industry standard tools – To continue with the same example, students should be comfortable with a range of tools to extract timestamp from a range of devices/media (PCs, smartphones, servers, etc.)

iii. Critical mindset – They should be trained to assemble different parts of investigations jigsaw puzzle by using their core knowledge and technical experience. In the current example of timestamp extraction, students should be able to see the relevance of this finding in the big picture; and must be able to weave each itemised result in the global fabric of overall investigations.

The best opportunity for the students to showcase these skills is their final year projects where they have the opportunity to autonomously apply their acquired knowledge in a systematic way. Most of the time, potential employers judge their skills for a graduate position from their final year projects. They should be able to confidently answer questions about the various stages of their work, selection of technologies, use of search results, etc.

In your experience, what is the most challenging part of teaching digital forensics?

The most challenging part of teaching digital forensics in my opinion is the use of industry standard commercial tools in developing open flexible learning environments for digital forensic courses. Recently, I have spoken about this issue at the HEA-STEM 2016 Conference. Details can be found here.

Another challenging issue is to find teachers for the digital forensic courses. The scarcity of skilled digital forensic professionals is also hampering the higher education sector. Birmingham City University has announced multiple times since last year 2 lectureship positions in the area of Cyber Security and Digital Forensics. However, we are still unable to find suitable candidates. This situation also highlights the skills shortage in this specialised area.

You're also working on a project to improve digital forensics education through multidisciplinary cooperation. In your opinion, what is the biggest challenge in trying to increase cooperation between disciplines, and how can it be addressed?

Cybercrime investigations is a multidisciplinary domain where appreciation of several areas is already a well-established requirement. Often cybercrime investigators have some knowledge of different domains but they hardly weave them together in the fabric of investigations. For example, they are aware of the corresponding legislations; they have good appreciation of investigation practices; and they have technical and presentation skills as well. However, their knowledge of each of these domains is limited to the respective domain instead of having a global view of the landscape where these domains are harvested. We are developing real-life case studies to reflect the integration of the essential knowledge of these domains into digital forensic practice. We are also developing educational resources including multimedia ones to deliver the results of this multidisciplinary project to our students.

The biggest challenge in this quest is to have a set of comprehensive case studies that can provide a common platform for different disciplines where they can test and validate real-life scenarios. For example, acquiring data from a remote server for analysis with a legally sound chain of custody of digital evidence and overall protection of personal data stored on the server. In such a scenario each discipline has its own specific way forward. However, if we take a holistic view, than we can understand the need of a trade-off to adequately address the requirements of each discipline without compromising the fundamental requirements. Our way of bringing people from different background is to engage them in a “Sandbox” where each of them can contribute for the bigger picture of cybercrime investigations as this is our common interest to see end-to-end (and not point-to-point) validation of our respective work.

Standardisation is a hot topic in digital forensics. Do you think it is possible to standardise forensic tools and procedures, and how do you think we can work towards this?

We certainly need standard procedures to harmonise the investigation practise especially when investigators from different organisations/countries are involved in the same case. There are already some initiatives in this regard:

1. National Institute of Standards and Technology (NIST) has released some guidelines for digital forensics

2. International Organization for Standardization (ISO) has developed two standards that are drawing wider attention of the cyber investigation bodies.

These standards are:

a. ISO 17020: Conformity assessment – Requirements for the operation of various types of bodies performing inspection

b. ISO 17025: General requirements for the competence of testing and calibration laboratories

These ISO standards are somehow generic but if we start adhering to them and gradually adapt them for the digital forensic domain then we can have some more specific standards. In my personal opinion, instead of relying on standardisation bodies, we should exchange our experiences to evolve a set of common/best practices. These practices could eventually be transformed into guidelines/standards etc. The problem is that the job of digital forensic analysts is so hectic that we hardly get any time for dissemination. But we need to realise the importance of sharing experience as it is going to help us all by having better and efficient investigation processes.

Finally, when you're not teaching, what do you like to do in your spare time?

I like to explore nature whenever I get some opportunity. This is a natural stress therapy that helps me reboot myself after a hectic work routine.

Syed Naqvi teaches Cyber Security and Forensics at Birmingham City University. To find out more about available courses, visit the BCU website.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.<br /><br />69% of employees note that the number of business applications they use at work has increased during the pandemic.<br /><br />Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.<br /><br />Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.<br /><br />Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.<br /><br />With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.<br /><br />Join Monica Harris, Product Business Manager, as she showcases how investigators can:<br /><br />- Manage multiple cloud collections through a web interface<br />- Cull data prior to collection to save time and money by gaining these valuable insights of the data available<br />- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box<br />- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee<br />- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...