Presentation is loading. Please wait.

Presentation is loading. Please wait.

Teaching Computer Forensics The Development of Challenging Assessments for Computer Forensics Students Diane Gan, David Chadwick, Dimitris Frangiskatos.

Published byRichard Tobin Modified over 10 years ago

Similar presentations

Presentation on theme: "Teaching Computer Forensics The Development of Challenging Assessments for Computer Forensics Students Diane Gan, David Chadwick, Dimitris Frangiskatos."— Presentation transcript:

1 Teaching Computer Forensics The Development of Challenging Assessments for Computer Forensics Students Diane Gan, David Chadwick, Dimitris Frangiskatos D.Gan@gre.ac.ukD.Gan@gre.ac.uk, D.R.Chadwick@gre.ac.uk, D.Frangiskatos@gre.ac.ukD.R.Chadwick@gre.ac.uk D.Frangiskatos@gre.ac.uk School of Computing & Mathematical Sciences University of Greenwich

2 2 Contents Introduction – Programmes, modules, students – Problems and solutions Course and Assessment – The scenario Teaching Computer Forensics – Educational paradigm: PBL Did it work? – Results – Expert testimony – Student experience Conclusions

3 Why? When you can measure what you are speaking about, and express it in numbers, you know something about it; but when you cannot measure it, when you cannot express it in numbers, your knowledge is a meagre and unsatisfactory kind; it may be the beginning of knowledge, but you have scarcely, in your thoughts, advanced to the state of science. William Thomson, Lord Kelvin, 1883 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk3

4 Introduction Programmes and modules – UG Programmes with Computer Forensics (as an option in years II and III): BSc Computer Science BSc Software Engineering – PG Programmes in Computer Forensics : MSc Computer Forensics and Systems Security MSc Computer Forensics and Security Management – PG Programmes with Computer Forensics (as an option): MSc Network & Computer Systems Security MSc Information Security & Audit 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk4

5 Students PG: programmes mostly overseas UG: home students with some overseas For both the of the above the following apply: – They think its like CSI – They will find most of the evidence but will struggle with the analysis of the evidence (critical evaluation) – Report writing is the main issue And when the report is good is too techie!!! 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk5

6 Problems and solutions Lab machines: dedicated VS accessible to all Lab setup: forensic lab with state of the art machines VMware and Windows 7 Access to hardware – write-blockers, mobile phone forensic kits, EnCase Support for labs – dedicated Lectures - sharing a module between three lecturers 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk6

7 Course and Assessment A forensic scientist can easily become a forensic investigator but its not so easy for the opposite Multidiscipline approach for the programmes that have forensics as an option Exam 50%, Coursework 50% Coursework – To catch a thief one must think like one – Profile of the suspect 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk7

8 Course and Assessment (contd.) Industrial espionage case A USB stick that has been imaged without the suspects knowledge Analysis of the evidence: – Lots of files - lots evidence e.g. A BMP file with an email steganographically embedded into it – steg tools must be used evidence everywhere – some red herrings – Lots of circumstantial evidence: tools for hacking, stego, network sniffing, Illegal software, copyrighted music, pictures of sexual nature - secondary evidence which constitute a breach of contract. 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk8

9 Educational Paradigm: PBL In PBL (Problem Based Learning) the focus is on : 1.organising the curricular content around problem scenarios rather than subjects/disciplines 2.having problem scenarios that reflect real world situations 3.encouraging students to learn by themselves as they seek further knowledge 4.having staff engaged as learning facilitators rather than front of the class pedagogists 5.encouraging students to learn together and share the further knowledge research process 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk9

10 Why Problem Based Learning? Contextually valid :- – Problems taken from professional or academic practice, – students acquire knowledge around these problems. Indications that it has a strong motivating effect as:- – little emphasis on perceived dry theory, – more emphasis on exciting practitioner elements. Designed to emulate professional practice in a way that assessment is : – performance-based, – holistic, – permits students to input own thoughts and decisions. 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk10

11 PBL – any problems? Research literature suggests that students take easily to the PBL approach as they find it a more natural way of learning It is the staff who have the greater problem in accepting it, often being unable to let go of the customary question and answer pedagogic role LTSN Assessment Series 13, 2010; A briefing On Assessment in Problem-Based Learning; MacDonald R, Savin-Baden M; http://www.bioscience.heacademy.ac.uk/; 9th Nov 2010[LTSN Assessment series 13, 2010; p6]. http://www.bioscience.heacademy.ac.uk/ 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk11

12 Roles of The Tutors as Facilitators Tutor 1 (Tools): Students unsure where to start. Concept of a tool-set from which tools were to be selected and decisions made as to which to try first and how. Tutor 2: (Report) Students unsure how to report findings Various directions on need for structuring thoughts and findings and following a standard report format. Tutor 3: (Court) Students unsure re: appearance and cross- examination. Topics broached such as court room procedure, where an expert witness might physically stand, dress and speak. Approach well-accepted; –the different tutor personalities strengthened the process –Students praised a bank of specialist knowledge to call on. 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk12

13 Results Report students submitted a written report found the template challenging students chose to use FTK why - easier to use than EnCase - download a free version all the students found the easy evidence best students found nearly all the evidence even the encrypted and password protected files 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk13

14 Expert Witness testimony Law students - gave the exercise an extra dimension when forensics students began to use techie language they were stopped immediately they had to explain any term or a phrase that they had used used terms that they could not adequately explain, in an attempt to impress the jury 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk14

15 Expert Witness testimony (contd.) Assessed on:- appearance professional demeanour ability to answer questions confidently and competently content of their evidence or not explaining anything they were discussing at the right Marks given for each presentation were a combination of the lecturers mark and the jurys marks Law students were asked if they thought that this expert witness had convinced them that the defendant was guilty average coursework mark for the class was 55.133% top student got 97% 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk15

16 The student experience 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk16 QUESTIONSREPLIES 1.Did you enjoy the experience – Yes/No? 67% (24 of the 36) said Yes 1.Did you learn from the experience – Yes/No? 100% (36 of the 36) said Yes 1.Do you have any suggestions on how it might be improved? Several suggestions were made including: More preparation time to be given Assignment was worth 50% of the course grade CMS Students (the Expert Witnesses) were formally questioned on their experience. 36 students took part in this survey out of a cohort of 50

17 Student experience (contd.) Law students voluntarily offered feedback all of them reported that they had enjoyed the experience and had learned something Main learning outcomes were:- they had found it a useful experience to actively cross-examine an expert witness they had learned some useful computer jargon hitherto not part of their Law studies they had learned that computer based crimes could be difficult and complex to understand 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk17

18 Conclusions We have discussed the development of the course work for the core course Computer Crime and Forensics and the innovative way that we assessed that coursework. The three parts of the coursework, which were the analysis of the evidence, the report writing and the presentation as an expert witness have been discussed. The student experience has been reported, which was very positive. In the Annual Student Survey, 86% of the students said that they would recommend this course to a friend. 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk18

19 Conclusions (contd.) Our PBL approach has proved to be a success in the teaching of computer forensics. Our three tutor approach to the teaching has also contributed to making this new discipline a success. We intend to continue with this paradigm and, build upon it with more facilitation sessions and more in depth follow up questions. We also intend to strengthen our links with the Law Department in order to enhance the contribution of the Law students. 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk19

20 The end Any Questions? Opinions? Suggestions? All welcome! 25/04/2014By Dimitrios Frangiskatos, fd26@gre.ac.uk20

Download ppt "Teaching Computer Forensics The Development of Challenging Assessments for Computer Forensics Students Diane Gan, David Chadwick, Dimitris Frangiskatos."

Similar presentations

The Teacher Foundation A Look at the Evaluation Process by The Teacher Foundation (TTF)

The Teacher Foundation A Look at the Evaluation Process by The Teacher Foundation (TTF)
The Benefits of Utilising Problem Based Learning (PBL) in a Nurse Practitioner Curriculum Annaliese Willis Helen Ward London South Bank University, UK.

The Benefits of Utilising Problem Based Learning (PBL) in a Nurse Practitioner Curriculum Annaliese Willis Helen Ward London South Bank University, UK.
Embedding Assessment of Student Learning Outcomes in Regularly Scheduled Assignments Dr. Larry H. Kelley Auburn, Alabama

Embedding Assessment of Student Learning Outcomes in Regularly Scheduled Assignments Dr. Larry H. Kelley Auburn, Alabama
What is an ITP? Individual training plan What is an ITP for a Goldsmiths PGCE student? Progress check, a record of achievement, a log of experiences,

What is an ITP? Individual training plan What is an ITP for a Goldsmiths PGCE student? Progress check, a record of achievement, a log of experiences,
Developing employability skills in science using problem- based learning Derek Raine Director i-Science Centre Sarah Symons Project Manager Project LeAP.

Developing employability skills in science using problem- based learning Derek Raine Director i-Science Centre Sarah Symons Project Manager Project LeAP.
QAA Enhancement Themes Conference Heriot Watt University Wednesday 5 th March 2008 Poster Presentation by Mhairi Freeman (lecturer), Sally Michie, Stephanie.

QAA Enhancement Themes Conference Heriot Watt University Wednesday 5 th March 2008 Poster Presentation by Mhairi Freeman (lecturer), Sally Michie, Stephanie.
Conducting an Employability Audit Sharon Gedye & Brian Chalkley LTSN-GEES.

Conducting an Employability Audit Sharon Gedye & Brian Chalkley LTSN-GEES.
Innovation in Assessment? Why? Poor student feedback regarding feedback timeliness and usefulness Staff workloads Student lack of awareness as to what.

Innovation in Assessment? Why? Poor student feedback regarding feedback timeliness and usefulness Staff workloads Student lack of awareness as to what.
Www.derby.ac.uk BUSINESS, COMPUTING AND LAW Digital Forensics – The Next Four Years – A Strategic Discussion Harjinder Singh Lallie (Programme Leader/Subject.

BUSINESS, COMPUTING AND LAW Digital Forensics – The Next Four Years – A Strategic Discussion Harjinder Singh Lallie (Programme Leader/Subject.
Auditing Subject Knowledge in Initial Teacher Training using Online Methods.

Auditing Subject Knowledge in Initial Teacher Training using Online Methods.
Welsh Assessment and Feedback Practitioners Event Tuesday 5 May 2009 Assessment of Problem Based Learning in Initial Teacher Education and Training Russell.

Welsh Assessment and Feedback Practitioners Event Tuesday 5 May 2009 Assessment of Problem Based Learning in Initial Teacher Education and Training Russell.
Effective Learning: Lecture 1 Learning Strategies With thanks to David Smith.

Effective Learning: Lecture 1 Learning Strategies With thanks to David Smith.
Teaching Computer Forensics at a Distance HE Academy Workshop on the Teaching of Computer Forensics University of Glamorgan, 27 November 2008 Blaine Price.

Teaching Computer Forensics at a Distance HE Academy Workshop on the Teaching of Computer Forensics University of Glamorgan, 27 November 2008 Blaine Price.
Making a Competitive Application

Making a Competitive Application
Strengthening the Problem-Solving Abilities of Our Students Emma Carberry, School of Mathematics and Statistics.

Strengthening the Problem-Solving Abilities of Our Students Emma Carberry, School of Mathematics and Statistics.
Good Salespeople johnpc ltd: www.johnpc.co.uk1 John Cunningham.

Good Salespeople johnpc ltd: John Cunningham.
Flexible Assessment, Tools and Resources for PLAR Get Ready! Go! Presenter: Deb Blower, PLAR Facilitator Red River College of Applied Arts, Science and.

Flexible Assessment, Tools and Resources for PLAR Get Ready! Go! Presenter: Deb Blower, PLAR Facilitator Red River College of Applied Arts, Science and.
Applying Psychology to Teaching

Applying Psychology to Teaching
Advanced Spectroscopy and Forensic Analysis Enhancing Student Engagement, Skills and Practical Experience Through Project-based Learning Dr Falko Drijfhout,

Advanced Spectroscopy and Forensic Analysis Enhancing Student Engagement, Skills and Practical Experience Through Project-based Learning Dr Falko Drijfhout,
Enhancing Academic Practice Nigeria Role of Newcastle University.

Enhancing Academic Practice Nigeria Role of Newcastle University.

Similar presentations

Ads by Google