A Research-led Practice-driven Digital Forensic Curriculum to Train Next Generation of Cyber Firefighters

Lack of skilled digital forensic professionals is seriously affecting the everyday life of everyone as businesses and law enforcement are struggling to fill the bare minimum number of digital investigator positions. This skills shortage can hinder incident response, with organizations failing to put effective measures in place following a cyberattack or to gather the digital evidence that could lead to the successful prosecution of malicious insiders and cybercriminals. It therefore makes the connected world less secure and digital economies less reliable, affecting everyone in their ecosystems. The commercial and public sectors are looking to higher education institutions to produce quality graduates equipped to enter the digital forensics profession. This paper presents our proposed research-led, practice-driven digital forensics curriculum. The curriculum is designed to respond to employers’ needs and is built on the experience of running a successful Cyber Security programme at Birmingham City University in the industrial heartland of the UK. All students will take a common set of modules in the first semester, but will be given the opportunity to specialise in digital forensics in the second semester and in their summer project, enabling them to graduate with the degree of MSc Digital Forensics

Forensic civism: articulating science, DNA and kinship in contemporary Mexico and Colombia

The article will present the findings of ethnographic research into the Colombian and Mexican forensic systems, introducing the first citizen-led exhumation project made possible through the cooperation of scholars, forensic specialists and interested citizens in Mexico. The coupling, evolution and mutual re-constitution of forensic science will be explored, including new forms of citizenship and nation building projects – all approached as lived experience – in two of Latin America's most complex contexts: organised crime and mass death

Forensic civism: articulating science, DNA and kinship in contemporary Mexico and Colombia

This is the final version of the article. Available from Manchester University Press via the DOI in this record.The article will present the findings of ethnographic research into the Colombian and Mexican forensic systems, introducing the first citizen-led exhumation project made possible through the cooperation of scholars, forensic specialists and interested citizens in Mexico. The coupling evolution and mutual re-constitution of forensic science will be explored, including new forms of citizenship and nation building projects – all approached as lived experience – in two of Latin America‘s most complex contexts: organised crime and mass death.We would like to thank Gobernanza Forense Ciudadana, A.C. and its members for their invaluable help. The article arises from a scholarship granted by the Mexican Council of Science and Technology (CONACYT) to Arely Cruz-Santiago and a COFUND International Junior Research Fellowship to Ernesto Schwartz-Marin at Durham University. The ESRC ‘Citizen-led Forensics’ (ES/M00063X/1) and ‘Public Engagement with Genomics and Race in Latin America’ [Leverhulme RPG- 044: directed by Peter Wade] projects allowed the authors to conduct fieldwork. Last but not least, we thank all the relatives of the disappeared in both countries and the forensic specialists who gave us their time

‘Crisis’, control and circulation: Biometric surveillance in the policing of the ‘crimmigrant other’

Automated facial recognition, the use of dactyloscopic data and advanced forensic DNA analyses are becoming dominant technological surveillance means for ‘crimmigration’ control. ‘Crimmigration’ describes the increasing criminalisation of migration, based on a perceived ‘crisis’ of mass migration and its assumed negative impact on national stability and welfare, materialising in overlapping crime and migration control regimes. We analyse the policing of migration through biometric technologies as the reproduction of social practices of security against crime. By combining concepts of social practices and ethical regimes, we suggest that biometric ethical regimes are constituted by social practices working towards legitimising the use of biomaterials and biodata. This analytical synthesis supports us in exploring how biometric technologies deployed in the policing of crime circulate into the policing of migration and vice versa. First, technologies as materials (DNA, fingerprints, facial images, analysis kits, databases, etc.) are inscribed with assumptions about validating identity and suspicion, and are increasingly made accessible as data across policy domains. Second, forensic competence moves in abstracted forms of expertise independent of context and ethics of application, creating challenges for reliable and legitimate technology deployment. Third, biometric technologies, often portrayed as reliable, useful, accurate policing tools, travel from crime into migration control with meanings that construct generalised criminal suspicion of migrants. To evidence the complexity and difficulty of achieving accountability and responsibility for the ethical governance of biometric technologies in policing, we trace how the goals, risks, benefits and values of biometric technologies are framed, and how the legitimacy of their deployment in policing of migration is constructed and negotiated.info:eu-repo/semantics/publishedVersio

The 2009 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market

The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the increasing popularity and use of smart phones, which also contain significant storage capacity. From the results of the research it remains clear that the majority of organisations and private individuals that are using these computers still remain ignorant or misinformed of the potential volume and type of information that is stored on the hard disks contained within these systems. The evidence of the research is that neither organisations nor individuals have considered, or are aware of, the potential impact of the information that is contained in the disks from these systems becoming available to an unintended third party. This is the fifth study in an ongoing research programme being conducted into the levels and types of information that remain on computer hard disks that have been offered for sale on the second hand market. This ongoing research series has been undertaken to gain an understanding of the level and types of information that remains on these disks, to determine the damage that could potentially be caused if the information was misused, and to determine whether there are any developing trends. The disks used have been purchased in a number of countries. The rationale for this was to determine whether there are any national or regional differences in the way that computer disks are disposed of and to compare the results for any regional or temporal trends. The disks were obtained from a wide range of sources in each of the regions in order to minimise the effect of any action by an individual source. The first study was carried out in 2005 and since then has been repeated annually with the scope being incrementally extended to include additional research partners and countries. The study in 2009 was carried out by British Telecommunications (BT) and the University of Glamorgan in the UK, Edith Cowan University in Australia, Khalifa University in the United Arab Emirates and Longwood University in the USA. The core methodology of the research has remained unaltered throughout the duration of the study. The methodology has included the acquisition of a number of second hand computer disks from a range of sources and determining whether the data contained on the disks has been effectively erased or if they still contain information relating to previous owners. If information was found on the disks from which the previous user or owner could be identified, the research examined whether it was of a sensitive nature or in a sufficient volume to represent a risk. One of the consistent results of the research through the entire period has been that, for a significant proportion of the disks that have been examined, there was sufficient information present to pose a risk of a compromise of sensitive information to either the organisation or the individual that had previously used the disks. The potential impacts of the exposure of this information could include embarrassment to individuals and organisations, fraud, blackmail and identity theft. In every year since the study started, criminal activity has also been exposed. As has been stated in the previous reports, where the disks had originated from organisations, they had, in many cases, failed to meet their statutory, regulatory and legal obligations

A method for forensic artifact collection, analysis and incident response in environments running Session Initiation Protocol (SIP) and Session Description protocol

In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP, the software that is used can help build a reliable baseline information database. On the other hand the private IP addresses of the potential attacker even during the presence of NAT services, as well as and the attack tools employed by the malicious parties are logged for further analysis