Development and Delivery of Coursework: The Legal/Regulatory/Policy Environment of Cyberforensics

This paper describes a cyber-forensics course that integrates important public policy and legal issues as well as relevant forensic techniques. Cyber-forensics refers to the amalgam of multi-disciplinary activities involved in the identification, gathering, handling, custody, use and security of electronic files and records, involving expertise from the forensic domain, and which produces evidence useful in the proof of facts for both commercial and legal activities. The legal and regulatory environment in which electronic discovery takes place is of critical importance to cyber-forensics experts because the legal process imposes both constraints and opportunities for the effective use of evidence gathered through cyber-forensic techniques. This paper discusses different pedagogies that can be used (including project teams, research and writing assignments, student presentations, case analyses, class activities and participation and examinations), evaluation methods, problem-based learning approaches and critical thinking analysis. A survey and evaluation is provided of the growing body of applicable print and online materials that can be utilized. Target populations for such a course includes students with majors, minors or supporting elective coursework in law, information sciences, information technology, computer science, computer engineering, financial fraud, security and information assurance, forensic aspects of cyber security, privacy, and electronic commerce

Paper Session IV: Development and Delivery of Coursework - The Legal/Regulatory/Policy Environment of Cyberforensics

This paper describes a cyber-forensics course that integrates important public policy and legal issues as well as relevant forensic techniques. Cyber-forensics refers to the amalgam of multi-disciplinary activities involved in the identification, gathering, handling, custody, use and security of electronic files and records, involving expertise from the forensic domain, and which produces evidence useful in the proof of facts for both commercial and legal activities. The legal and regulatory environment in which electronic discovery takes place is of critical importance to cyber-forensics experts because the legal process imposes both constraints and opportunities for the effective use of evidence gathered through cyber-forensic techniques. This paper discusses different pedagogies that can be used (including project teams, research and writing assignments, student presentations, case analyses, class activities and participation and examinations), evaluation methods, problem-based learning approaches and critical thinking analysis. A survey and evaluation is provided of the growing body of applicable print and online materials that can be utilized. Target populations for such a course includes students with majors, minors or supporting elective coursework in law, information sciences, information technology, computer science, computer engineering, financial fraud, security and information assurance, forensic aspects of cyber security, privacy, and electronic commerce. Keywords: Cyberforensics; Electronic Data Discovery; Electronic Records Management; Pre-Trial Discovery; Admissibility of Electronic Evidence; Information Assurance, Security and Risk Analysi

Greening cloud-enabled big data storage forensics : Syncany as a case study

The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation and archiving of digital evidences. Investigation of such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process by locating and documenting residual artefacts (evidences) of forensic value of users’ activities on cloud-enabled big data platforms in order to reduce the investigation time and resources involved in a real-world investigation. In this paper, we seek to determine the data remnants of forensic value from Syncany private cloud storage service, a popular storage engine for big data platforms. We demonstrate the types and the locations of the artefacts that can be forensically recovered. Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics, which can result in reduced time and resources spent in real-world investigations involving Syncany-based cloud platforms

The Development of Digital Forensics Workforce Competency on the Example of Estonian Defence League

03.07.2014 kehtestati Vabariigi Valitsuse määrus nr. 108, mis reguleerib Kaitseliidu kaasamise tingimusi ja korda küberjulgeoleku tagamisel. Seega võivad Kaitseliidu küberkaitse üksuse (KL KKÜ edaspidi KKÜ) kutsuda olukorda toetama erinevad asutused: näiteks Riigi Infosüsteemide amet (RIA), infosüsteemi järelevalveasutus või kaitseministeerium või selle valitsemisala ametiasutused oma ülesannete raames. KKÜ-d saab kaasata info- ja sidetehnoloogia infrastruktuuri järjepidevuse tagamisel, turvaintsidentide kontrollimisel ja lahendamisel, rakendades nii aktiivseid kui passiivseid meetmeid. KKÜ ülesannete kaardistamisel täheldati, et KKÜ partnerasutused / organisatsioonid ei ole kaardistanud oma spetsialistide olemasolevaid pädevusi ja sellele lisaks puudub ülevaade digitaalse ekspertiisi kogukonnas vajaolevatest pädevustest. Leitut arvesse võttes seati ülesandeks vajadustest ja piirangutest (võttes arvesse digitaalse ekspertiisi kogukonda kujundavaid standardeid) ülevaatliku pildi loomine, et töötada välja digitaalse ekspertiisi kompetentsipõhine raamistik, mis toetab KKÜ spetsialistide arendamist palkamisest pensionini. Selleks uurisime KKÜ ja nende olemasolevate koolitusprogrammide hetkeolukorda ning otsustasime milliseid omadusi peab edasise arengu tarbeks uurima ja kaaluma. Võrreldavate tulemuste saa-miseks ja eesmärgi täitmiseks pidi koostatav mudel olema suuteline lahendama 5-t järgnevat ülesannet: 1. Oskuste kaardistamine, 2. Eesmärkide seadmine ja ümberhindamine, 3. Koolituskava planeerimine, 4. Värbamisprotsessi kiirendamine ning 5. Spetsialistide kestva arengu soodustamine. Raamistiku väljatöötamiseks võeti aluseks National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework) pädevusraamistik mida parendati digitaalse ekspertiisi spetsialistide, ja käesoleval juhul ka KKÜ, vajadusi silmas pidades. Täiendusi lisati nii tasemete, spetsialiseerumise kui ka ülesannete kirjelduste kujul. Parenduste lisamisel võeti arvesse töös tutvustatud digitaalse ekspertiisi piiranguid ja standardeid, mille lõpptulemusena esitati KKÜ-le Digitaalse Ekspertiisi Pädevuse ontoloogia, KKÜ struktuuri muudatuse ettepanek, soovitatavad õpetamisstrateegiad digitaalse ekspertiisi kasutamiseks (muudetud Bloomi taksonoomia tasemetega), uus digitaalse ekspertiisi standardi alajaotus – Mehitamata Süsteemide ekspertiis ja Digitaalse Ekspertiisi Pädevuse Mudeli Raamistik. Ülesannete ja oskuste loetelu koostati rahvusvaheliselt tunnustatud sertifitseerimis-organisatsioonide ja erialast pädevust pakkuvate õppekavade abil. Kavandatava mudeli hindamiseks kasutati mini-Delphi ehk Estimate-Talk-Estimate (ETE) tehnikat. Esialgne prognoos vajaduste ja prioriteetidega anti KKÜ partnerasutustele saamaks tehtud töö kohta ekspertarvamusi. Kogu tagasisidet silmas pidades tehti mudelisse korrektuurid ja KKÜ-le sai vormistatud ettepanek ühes edasise tööplaaniga. Üldiselt kirjeldab väljapakutud pädevusraamistik KKÜ spetsialistilt ooda-tavat pädevuse ulatust KKÜ-s, et suurendada nende rolli kiirreageerimisrühmana. Raamistik aitab määratleda digitaalse ekspertiisi eeldatavaid pädevusi ja võimekusi praktikas ning juhendab eksperte spetsialiseerumise valikul. Kavandatud mudeli juures on arvestatud pikaajalise mõjuga (palkamisest pensionini). Tulenevalt mudeli komplekssusest, on raamistikul pikk rakendusfaas – organisatsiooni arengule maksimaalse mõju saavutamiseks on prognoositud ajakava maksimaalselt 5 aastat. Antud ettepanekud on käesolevaks hetkeks KKÜ poolt heaks kiidetud ning planeeritud kava rakendati esmakordselt 2019 aasta aprillikuus.In 03.07.2014 Regulation No. 108 was introduced which regulates the conditions and pro-cedure of the involvement of the Estonian Defence League (EDL) Cyber Defence Unit (CDU) in ensuring cyber security. This means that EDL can be brought in by the Information System Authority, Ministry of Defence or the authorities of its area of government within the scope of either of their tasks e.g. ensuring the continuity of information and communication technology infrastructure and in handling and solving cyber security incidents while applying both active and passive measures. In January 2018 EDL CDU’s Digi-tal Evidence Handling Group had to be re-organized and, thus, presented a proposal for internal curriculum in order to further instruct Digital Evidence specialists. While describing the CDU's tasks, it was noted that the CDU's partner institutions / organizations have not mapped out their specialists’ current competencies. With this in mind, we set out to create a comprehensive list of needs and constraints (taking into account the community standards of DF) to develop a DF-based competence framework that supports the devel-opment of CDU professionals. Hence, we studied the current situation of CDU, their existing training program, and contemplated which features we need to consider and ex-plore for further development. In order to assemble comparable results and to achieve the goal the model had to be able to solve the 5 following tasks: 1. Competency mapping, 2. Goal setting and reassessment, 3. Scheduling the training plan, 4. Accelerating the recruitment process, and 5. Promoting the continuous development of professionals. The frame-work was developed on the basis of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), which was revised to meet the needs of DF specialists, including EDL CDU. Additions were supplemented in terms of levels, specialization, and job descriptions. The proposals included the DF limitations and standards introduced in the work, which ultimately resulted in a proposal for a Digital Forensics Competency ontology, EDL CDU structure change, Suggested Instruc-tional Strategies for Digital Forensics Use With Each Level of revised Bloom's Taxonomy, a new DF standard subdivision – Unmanned Systems Forensics, and Digital Forensic Competency Model Framework. The list of tasks and skills were compiled from international certification distribution organizations and curricula, and their focus on DF Special-ist Competencies. Mini-Delphi or Estimate-Talk-Estimate (ETE) techniques were applied to evaluate the proposed model. An initial estimation of competencies and priorities were given to the EDL CDU partner institutions for expert advice and evaluation. Considering the feedback, improvements were made to the model and a proposal was put forward to the CDU with a future work plan. In general, the proposed competence framework describes the expected scope of competence of an DF specialist in the EDL CDU to enhance their role as a rapid response team. The framework helps in defining the expected compe-tencies and capabilities of digital forensics in practice and offers guidance to the experts in the choice of specialization. The proposed model takes into account the long-term effect (hire-to-retire). Due to the complexity of the model, the framework has a long implementation phase — the maximum time frame for achieving the full effect for the organization is expected to be 5 years. These proposals were approved by EDL CDU and the proposed plan was first launched in April 2019

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

TLAD 2010 Proceedings:8th international workshop on teaching, learning and assesment of databases (TLAD)

This is the eighth in the series of highly successful international workshops on the Teaching, Learning and Assessment of Databases (TLAD 2010), which once again is held as a workshop of BNCOD 2010 - the 27th International Information Systems Conference. TLAD 2010 is held on the 28th June at the beautiful Dudhope Castle at the Abertay University, just before BNCOD, and hopes to be just as successful as its predecessors.The teaching of databases is central to all Computing Science, Software Engineering, Information Systems and Information Technology courses, and this year, the workshop aims to continue the tradition of bringing together both database teachers and researchers, in order to share good learning, teaching and assessment practice and experience, and further the growing community amongst database academics. As well as attracting academics from the UK community, the workshop has also been successful in attracting academics from the wider international community, through serving on the programme committee, and attending and presenting papers.This year, the workshop includes an invited talk given by Richard Cooper (of the University of Glasgow) who will present a discussion and some results from the Database Disciplinary Commons which was held in the UK over the academic year. Due to the healthy number of high quality submissions this year, the workshop will also present seven peer reviewed papers, and six refereed poster papers. Of the seven presented papers, three will be presented as full papers and four as short papers. These papers and posters cover a number of themes, including: approaches to teaching databases, e.g. group centered and problem based learning; use of novel case studies, e.g. forensics and XML data; techniques and approaches for improving teaching and student learning processes; assessment techniques, e.g. peer review; methods for improving students abilities to develop database queries and develop E-R diagrams; and e-learning platforms for supporting teaching and learning

The Understanding of Digital and Multimedia Evidence (DME) by Attorneys and Digital Forensic Examiners (DFE) within the United States Criminal Justice System

One goal of this research was to determine potential themes that may influence the understanding of Digital and Multimedia Evidence (DME) by attorneys and Digital Forensic Examiners (DFE) within the United States Criminal Justice System. Qualitative semi-structured interviews were conducted to gather information from experienced criminal attorneys and DFEs regarding potential influences on their understanding of DME. The results of these interviews were transcribed, and the data coded to allow for qualitative analysis. Five themes were developed from this data and are thought to play a role in understanding of DME by attorneys and DFEs: motivation for involvement in the criminal justice system (passion for the job, desire to work in law enforcement, monetary gain, sense of ethical obligation, and seeking justice), experience (and knowledge), generational influences (age and the CSI Effect), communication within defined roles, and education/training. These five themes were used as a guide to develop a questionnaire that was then distributed to attorneys and DFEs across the U.S. Statistical analyses were conducted on the survey results from attorneys (n = 14) and DFEs (n = 44) in relation to the five themes. Attorneys and examiners agreed on many facets of each theme. The most influential motivational factor for seeking a career as an attorney or DFE is a passion for the field. Experience was determined to be one of the most influential key components to understanding DME. Increasing age and the CSI Effect may be detractors to understanding DME. An increase in frequency of communication between attorneys and DFEs has the potential to affect DME understanding and case efficiency. Higher educational levels of attorneys are much greater than DFEs, but technical DME training levels, which influence DME understanding more, are much greater for DFEs. Attorneys tend to use online research as a primary learning method, while DFEs rely primarily on technical training. Each of the identified themes shows promise for influencing understanding of DME by Attorneys and DFEs within the U.S. criminal justice system. Vicarious secondary trauma was also examined and is experienced by attorneys and DFEs working with DME. Training on recognition of vicarious secondary trauma is recommended

How to Use Litigation Technology to Prepare & Present Your Case at Trial October 27, 2021

Meeting proceedings of a seminar by the same name, held October 27, 2021