
Digital Forensics

Cable anyone?
Military-grade forensics kit

Given that my last blog post was about a module that involved eating cake and studying One Direction, I thought it wise that my next blog post be aimed at a different audience category (in terms of age group). While the lecturer for this module doesn’t bring in free cake for us to eat each week, he does let us play with a lot of cool stuff!

All the lectures in this module take place in a lab called the Sandpit, which is a lab designed specifically for security-related modules as it is cut off from the University network. This means that we can introduce viruses onto the network, send Trojans to one another, let worms loose on the network and cause all sorts of computer-related epidemics (emphasis on the computer-related) without worrying about being expelled or facing ten years in prison. In fact, because the lecturer controls the network (as opposed to the University), we can even organise little wars between different parts of the lab (again, still computer-related, aside from the occasional lightsaber spar that no Computer Science module is complete without).

The lab consists of many computer islands

In this module we learn how to respond after an attack has taken place on a network. Usually after a company has suffered a cyber attack, they will want to know how it happened, whether any artifacts (such as malware) from the attack remain and who is responsible. We learn how to go about finding answers for all of those questions. However, I should say at this point that those questions aren’t always particularly easy to answer as companies have big networks (with hundreds of computers) and so it isn’t quite as simple as walking in, typing a few commands, saving the world and getting the girl. In reality it can be quite time-consuming, require a lot of patience and really ruin a first date. That being said, it is very addictive.

However, it’s not just cyber-attacks that forensics experts need to be able to respond to: if the police carry out a raid, analysis of the suspected criminal’s phone, computers and literally any other electronic media that belongs to him/her can provide invaluable evidence. Therefore we also learn how to analyse multiple terabyte drives quickly (as reading a two-terabyte drive bit-by-bit would take on average 3800 years… The Nordic Bronze Age started 3800 years ago). Most importantly, we learn how to recover deleted data from a drive/phone, as when you delete data from your computer or phone (such as messages), it is still actually quite easy for a forensics expert to recover all of the data (Note to reader: Never ever sell the lecturer for this module your phone after you no longer want/need it).

Teaching Station

This module is particularly enjoyable as it is very practical! There are plenty of sessions where you will actually recover deleted data, analyse an actual machine after it has been attacked and find incriminating evidence. Best of all, because the lecturer has a sense of humour (which verges on inappropriate for the seriousness of this topic), the incriminating evidence is usually embarrassing pictures or videos of people beating up their computers. Therefore, if you’re planning on doing an MSc in Advanced Computer Science, I would strongly suggest you at least consider this module.