Friday 12 February 2010

BCS - Computer Forensics

For some time, I've been working towards a postgraduate degree through the Open University. It's hard work, particularly after a long day when all you want to do is switch off and relax. However, I find the courses fascinating and of help to me in my daily work, so I keep on working on it.

The last course I did was particularly interesting - Computer Forensics and Digital Examinations. This is a very technical issue, but it also requires an understanding of legal procedures. It isn't enough to say "I found so and so"; you have to demonstrate that the evidence is relevant, accurate and consistent, and present it in a way that non-technical people can understand. I found it all really interesting, if not totally linked to my daily job.

So when the BCS South West indicated that they were holding an evening event and the topic was Computer Forensics, I jumped at the chance to attend. It was at the University of Plymouth, which is a really nice venue, if a little bit of a trek to get to from where I live. The speaker was a visiting professor, John Haggerty from Manchester and the presentation was lively and informative. The actual notes should be available at this link. http://www.bcssouthwest.org.uk/server.asp?page=pastevents

For me, the presentation covered most of the items that I had previously studied and it was really good to refresh my memory. It was also interesting to see that after such a short time since I did my course, there are a number of changes that have occurred and the discussion after the talk highlighted some of the issues facing practitioners in that field.

One thing that is of interest - Digital Forensics is a field that is wide open for people to move into. However, there are a lot of people who think that, just because they have a small amount of experience in running a computer, they know what to do to examine it. Professor Haggerty referred to this as the "CSI" effect - people see the TV shows where someone drives an expensive car, goes to a pristine work space and in half an hour recovers all the required information to solve the case (and the impossibly attractive woman is suitably impressed by the display of brain power!).

In reality, Forensics is a long, tedious job. Everything has to be documented, step by step, and assumptions made have to be justified. There are a number of practitioners that have had their reputations destroyed by a simple mistake, and once that happens, they are unlikely to be able to work in the field again.

As the technology moves on, the process of the examination gets harder - I can remember when I bought my first hard drive of 20 MB and I wondered how I would ever fill it up. I now regularly work with physical hard drives of 500 GB and logical partitions of over 1 TB. To properly analyse and document such a drive can take a very long time and new tools are being developed to try to make the analysis easier, but it still requires considerable patience.

But all in all, a great evening - a fascinating topic, well presented. And for those IT people that think the BCS is only for academics, I would strongly suggest that you go along to one of the (free) events - I'm sure that you'll change your mind.