This is the transcript for the MSc in Cyber Security and Digital Forensics webinar from June 2022.
- My name's Maddy. I'm the senior course advisor at the University of Portsmouth. So you might have spoken to me or to maybe, Freddie, or Lisa, or one of my colleagues who are helping you with your application. And then I've also got Dr. Mo Adda with me and Yan, who is one of our current students.
- My [INAUDIBLE] actually come from parallel computing, high-performance computing from multi-threaded systems, operating systems a long, long time ago. And through my career, actually, I've been involved in a lot of software development.
I was mainly interested in business-process modeling. Using simulation and modeling for model development and business intelligence, as well. I became involved with cybersecurity, digital forensic, about 10 years ago, when the University of Portsmouth decided, actually, to open a new direction of new courses in digital forensics and cyber security.
I found out, actually, that most of the elements that are part of the digital forensics, are basically things that I knew before, things like, computer architecture, operating systems, hard disk, memories, all that hardware that I used to learn in my past degrees, actually. It was part of the digital forensics, itself.
I'm involved, currently, with researching multi-threaded architecture in cybersecurity, digital forensic. Mainly, the current project that I'm involved with are, forensic for IoT devices, and how to protect evidence using blockchain cybersecurity algorithms. And how to, actually, prosecute international crimes that happens across several boundaries. And that's part of the project that I'm involved with, with my PhD student.
YAN URQUIZA: Yeah, from a professional point of view, I've almost worked in IT, or anything related to a computer. I started, basically, by fixing and building computers in a computer shop so very hardware oriented.
And then moved to development. So I went back to school quite long after. And started to work as a web developer, actually. It's a bit different. And in the middle, also worked as a mobile network engineer, kind of covering quite a few different domains IT-wise.
I'm currently working as a DevOps, so deeper into servers, a lot of Linux, continuous integration, and things like that. And so, yeah, going to digital forensics and cybersecurity, was kind of logical. It's kind of bring a bit more.
And, yeah, I'm quite aiming to learn new things and get new skills. And, especially as a DevOps, it's going to be quite helpful, I think, for both the future and my career.
Well, to be honest, I was not sure. I couldn't get into a master because I started to work straight after my A-level. Though, was a bit short diploma-wise. I went back to school, for that purpose, in 2006 and got the equivalent of British [INAUDIBLE], I think, in programming.
And so because of the IT nature, as well, if you want to be good, you have to keep learning, keep everything, keep learning new skills. And well, I like that kind of things. I like learning. And with that master, yeah, basically, I was aiming to have something a bit more structured and stop looking on forums and pick up things for my job, for instance, or learning new things.
And yeah, with that master, it's really something I was aiming for. And it's happening, basically. So you have courses. And yeah, [INAUDIBLE] because I heard about the University through friends, basically, who went to that University years ago.
I thought was quite interesting, also, because I'm located quite close to [INAUDIBLE], so I could see by myself going [INAUDIBLE] check the uni buildings. I actually went a couple of times to the library. So I'm almost local.
That's also why and reputation, of [INAUDIBLE] in terms of equipment, as well, was very good.
- You actually were admitted to the course on the back of your professional experience, which is also a really valid option for students, as well.
YAN URQUIZA: Yeah.
- Have you found that has changed your experience on the course? Like you're having more of a professional rather than an academic background?
YAN URQUIZA: I think through the modules I went through, so far, it's quite proficient already material. It's not like theoretical kind of useless skills you learn after. And you go to the professional life and you're like, I don't know how I'm going [INAUDIBLE]. So it's quite spot on, in terms of professional experience.
I started to use some stuff I learned from that master at work. On Linux, working on the servers, for instance, I started to apply some things. I don't [INAUDIBLE] modules. So it's really spot on professionally-wise.
I think it's going to be quite easy to reuse skills or even move to something definitely more cybersecurity or digital forensics-oriented. Yeah.
MO ADDA: The philosophy of the course that we developed, is like a bridge between the academic ground and the professional ground, which means now, the course actually comes with a lot of practical aspects, as Yan has noticed, which is true, actually.
So for the student, actually, with all the academic background, it gives them the opportunity to understand, actually, the development and give them a taste of how the future or the company will look like from their point of view, if you like.
On the other side, actually. For the developer, it gives them a bit of theoretical understanding. It's always good to be a developer and also to have some academic ground, in such a way that it gives you more thinking, more creativity in your brain, if you like rather than just developing and configuring software and selling software.
So what the course does, it gives you an extra, if you like, an extra bonus to your work. It makes you think more, actually, than just developing. And that's what the philosophy of the course, which is quite different from other university courses. That it was actually the way we developed it.
So students actually spend more time practicing and playing, if you like, with different algorithms, testing different investigations. They would be given criminal case, which I'm sure Yan have done it, in module 1, where they will have to do investigation on a criminal case and produce a report that will be produced in a court of law.
So regardless of what your background is, eventually, the course will prepare you towards your objective to what your aims, if feel like. Initially, if your background is not IT, we have a lot of students coming from law, from psychology, criminology, and they didn't make it through the course.
So the first few weeks, actually, the instructions of the tutor, they will help students by giving them the basics of what the course will require to prepare them. And eventually, after that, you would be more practical, of course, supported by the theory. But the target there, is how to prepare a student in a working field or about how to face the future in your working organization, where you would be giving you a problem. Here is a crime case. Would you solve this for us?
So the course will prepare you to do that. And many of our students have graduated from the course. I'm talking about the online version because we haven't got the end result, yet, with the distance learning course.
So we only actually-- or the student, actually, they have managed to successfully obtain jobs and felt comfortable. And they realize that all the techniques, the procedure, the method they have learned from the course, they found them useful in the working environment.
- We've had quite a few questions about time management and how you manage to fit both alongside each other.
MO ADDA: Well, it depends. It's quite flexible. Because the courses are recorded, benefits are if you don't click on the first time you watch it, you can just watch it again and again and pause it. And you can do that whenever you want, whenever you have time to do. So that's one positive thing. Changes also, you can work on that when you have time.
In my case, we can have very long days. Or we have days where we just monitor the systems and make sure nothing happens. So it's perfect timing to work on the master at the same time.
I was interested by that part, obviously. Especially when you look at the news, you have not a day without some company being attacked or the websites being hacked or things like that. So yeah, it's every day. It's ready to every day.
It's going to be more and more useful, I think, not just for cybersecurity. I think everybody will have to have a minimal knowledge about that kind of-- be aware. And yeah, with what we learn at the moment, it's a bit funny because you are aware of it before, obviously, the course. You know, roughly, why or how it works. So it's kind of guessing.
But with the course [INAUDIBLE] you-- it's kind of spot on. You hear something or you read something new. And you kind of, OK, that's what happened. That's how they did. Or you kind of reverse engineer the news you hear. And you have a better understanding of it.
And yeah, where quite definitely it's kind of same process. You clicked on something during the course, and yeah, it makes your life much easier at work or opens new possibilities you didn't think about before.
- On the design of this course, is built on the fact that we are aware that the technology in cybersecurity and digital forensics keeps evolving every day. New attacks, new algorithm, new method for examining the new technologies emerging in the market does dominate all the courses, actually. All the courses that have been developed in any University in the world of cyber security. And digital forensic are concerned with it.
The question now, how do we produce a program or a course that will take into consideration this evolution? It is not possible for any university or any course to include every attack in cybersecurity in the course. Or every digital forensic techniques in the course. It's not possible because of the lack of space and time.
Probably, instead of spending your three years to do the [INAUDIBLE] you'll probably have to do 10 years. So, eventually, what we do in this course, we teach, actually, the student the general concept. Things like the algorithms used for encryption, decryption. The techniques that have been used or are used by digital forensic analysts to examine crimes.
The principle of hacking, which Yan, you will be seeing this one in module 4. Know how to do the hacking or how to protect systems. But then that is what is within the box. But then outside the box, these new technologies that are emerging, like the forensic of IoT devices, things like ransomware attacks, which is happening now, currently. And it's a new type of attack. There will be other new attacks, as well, emerging continuously, as we go on.
So the student will be given the opportunity to use assessment and to target or possibly study, one of those technologies one of these attacks that they are interested in.
For instance, Yan, you could be interested in going toward ransomware, as an example. You say, well, I'm really interested in that. I would like to, probably, explore it further. So the dissertation, the project will give you the opportunity to explore it further.
Some of the assessment work in the module 4, module 3 they will ask you to pick up a topic of your interest about cybersecurity event or attacks, for instance. And write an essay into it. You will be marked into it, but that also gives you the opportunity to do work by yourself, under the guidance of the tutor, of course, and the course leader.
And then you would be exploring, in a way, a different dimension, using the skills that you have learned from the course itself and applying it to a new environment, new dimension, new attacks, if you like. And that's, basically, the concept of the course.
YAN URQUIZA: I think it's cybersecurity. Digital forensics is going to be mandatory. As I mentioned earlier, people, even if they don't, obviously go specialist in digital forensics or cybersecurity, will have to get some awareness about these concepts. At least to protect themselves from scam, or hacking, or I don't know. That kind of things.
But, yeah, you have to understand. You have to kind of embrace the concept, if it makes sense. And I think it's not going to be an option. It's getting worse and worse. I mean, in terms of attacks.
But it's a bit like people just clicked a couple of years ago, but it's already in place for quite a long time. It's just making more noise now. So people are getting a bit more aware, became quite fancy.
But actually, you have, I think, the first digital forensic cases, you can track them back to the '70s, maybe. Hacking, I think the first internet hacking, was in the mid '80s, I think.
So it's quite old. It's just becoming more and more important because everything is connecting more. Your watch, your computer, your phone you are always connected. And if you are connected, if you have an access to internet, basically, you can be attacked or you can attack.
Forensic aspect about that, is a bit like arriving on a crime scene and saying, OK, what happened? We had an issue. And you have to find the clues. You have to follow the tracks. And yeah, it's, I think, everybody would have to get there at some point. At different levels but everybody would have to be [INAUDIBLE] about it.
- They could look at how to analyze malware. And then analyze the effect of malwares on different companies, different expertise, for instance. The expectation from this kind of project, would be, probably, students to do a bit of research on the malware's behavior, structure.
And then produce like a Google form, and send it to people outside, who have actually been, probably exposed or faced with attack from malware. And then the objective of this type of project, would be the student to evaluate the data that she or he receives from the phone and analyze the data.
And then produce some kind of recommendations. A recommendation would be a way of making people aware of the danger that they could be facing, with different types of malware that could attack them.
Because each of this malware has a different objective and different philosophy of attacking. And that part of project, would be to look at those one and produce it for like a map or a table, which readers or a general audience will learn from it and protect themselves.
The other project, which involves the anti forensic. The anti forensic is a technique that criminals are using now. It's becoming a hot topic. They try to use this technique to stop the police and the investigator from finding evidence.
You can commit crime, using your mobile phone, but you are clever enough to protect your mobile phone. And no one can access the evidence. Even if they do access it, they will not be able to extract it, or not be able to see it. And this is what we call anti-forensic.
There are several techniques. So this particular project, will give the opportunity to students to investigate all those possible technique, and see if they can produce solutions to crack those anti-forensic techniques and, again, produce a set of recommendations to the police or to the law enforcement agencies, how to avoid anti-forensic approaches.
Other technique will be in examining the tools, the forensic tools. At the moment, we have several forensic tools. We have professional ones that we use in the lab, like FTK, XRY, et cetera. And we have free tools like Autopsy. There are so many online free tools.
In term of course, eventually, a professional tool, you end up paying a lot of money for them. Surely, they cost a lot. The free tools, they don't cost anything. You just download them.
But then the question is, if you are investigating a criminal case, of course, you have to ask yourself, what do I use? Do I use a professional tool? Or do you use a free tool? The answer to that question. Will the Court of law will accept your report, as a witness statement, that you have produced from a professional tool, which is known to everyone, to all the companies, against a free tool which you downloaded from the internet, and you use it for the investigation.
Surely, the drawback with the free tools, some of them are open source. So they could be that someone has tampered with the code or changed the code. In which case, it renders the tool less effective in extracting evidence.
Or probably, you know one of the principles of the investigation, is that no one should tamper with the evidence. If anything is changing of the evidence then you will not be admissible in a court of law.
So those free tools that you are using, they might not have that restriction. They might be changing things. It's on the evidence. In which case, they might not be valid. So what this sort of project would be, to give the chance to a student to examine different tools in the market, some professional, some free tool, like Autopsy and FTK.
And then develop a kind of map or a table to judge, according to your criteria, you produce a matrix. And saying that, oh, this tool can be admitted in a court of law and why, or cannot be, and the why. So that's another project.
The other project on cybersecurity, they look at the darknet. And I'm sure, Yan, you would be involved with darknet in module 4. And so they will look at the impact of darknet. And the sort of crime that happens using the darknet. And how to, probably, avoid that from happening.
Another project, will be looking up to the social networks, like Facebook, Twitter. And how do you protect the data into the site? It's called data sharing, whether should I share my picture with my friend or not.
And then the algo you will be producing, will be telling you the likelihood of sharing a picture, or your picture, for instance, or family picture with your friend or not. What the system does is going to take your friend, and look at the friend of your friend of your friend, and see if there is anyone who is dodgy or hacker that could use the picture for his benefit or something.
So basically, these are the sort of project you can see. They are quite actually variable in scope. Everyone with different backgrounds in law or a techie guy, could choose one of those sort of courses. So there's actually a lot of choices for them, yes.
YAN URQUIZA: Well, it's actually very different from what I was expecting, which is a good thing, actually. Because my view was quite narrow minded. So I came from the kind of big street and with big common thinking about cybersecurity.
And actually, bit ashamed to say, but I was kind of not considering digital forensics that much. I was really looking for the cybersecurity. But actually, it's much wider than what I was expecting. And we don't think that was not even suspecting to exist, basically.
That capacity to think out of the box, as well, is very recent thing. That it's going to be constant for the modules, I think. Basically, tutor on for the course, you get the basics. And you're asked to develop yourself to show you understand.
And you are even asked to come with your own ways, your own view. You're quite encouraged to not follow a given path, but come and make your own path. So it's very interesting that way. Cyber, deterrence-wise, for the first two modules, because I have a good background, I have great tools, for instance, for the career of cryptography.
To me, it helped to really get the concept. So basically I translated in code, what I was learning for the courses. And I didn't expect that kind of things at all when I started. I was really seeing the cybersecurity like, just hardcore coding, dark hacker [INAUDIBLE].
But it's much more than that. And, actually, you can't separate digital forensics from cybersecurity. If you consider the cybersecurity aspect, digital forensics would be your blue team. Do you know the red team, blue team concept? You would have to be very good at digital forensics if you want to be a very effective blue team person.
MADELEINE LLOYD: Yeah.