UA Little Rock Students Learn Digital CSI Skills
A UA Little Rock classroom recently could have passed for a crime scene in the popular television show “CSI.” Students in the Digital Forensics class were met with crime scene tape, markers, evidence bags, and inventory sheets. The most conspicuous thing missing from the “crime scene” was the body.
That’s because UA Little Rock students were learning how to solve digital crimes, rather than murders. Becky Passmore, assistant professor of cybersecurity and cyber investigator with Kroll, Inc., set up four crime scene scenarios where the evidence of crimes could be found on computers, hard drives, cell phones, thumbdrives, CDs, and other electronic devices.
UA Little Rock students were tasked with using digital forensic kits to assess the scene of the digital crimes for evidence collection. Students conducted the normal tasks of law enforcement officers at a crime scene, such as taping off the scene, identifying and collecting evidence, taking photographs, and maintaining the proper chain of custody.
“It was nice to see the process step by step for the first time to see what it would be like working in the field with the tools as a team,” said Lisa Hill, an information assurance major. “My favorite part was describing the layout of the crime scene and trying to figure out what crime has been committed.”
With digital crimes, the students were tasked with documenting the information on any electronic devices that were up and running on scene, identifying the programs and processes that are running, and preserving as much evidence as possible while preventing further crimes.
The tasks can be tricky, according to Passmore, who has 17 years of experience as a senior digital forensic examiner with the federal government. Imagine that someone has hacked into a company’s network and is stealing their files, or a person has remotely accessed a phone in your custody and is deleting files. The investigator must disconnect the connection as soon as possible to stop the crime or prevent the deletion of evidence, but they also risk the loss of evidence if the electronic device is programmed to encrypt or wipe its data once it’s disconnected.
“When you are preparing digital evidence forensically, there is a methodology and a process to it,” Passmore said. “You take volatile evidence and assess it first, such as a cell phone that is on or a computer that is up and running. This class prepares students to work with law enforcement agencies or any organization that has a digital incident response team.”
People will go to great lengths to cover up or destroy evidence. Passmore said she’s encountered crime scenes where people have shot computers as well as tossed them in bathtubs, lakes, and fires.
One of the student teams disconnected a running computer from their digital crime scene by placing it on airplane mode.
“It gives us some hands-on experience with digital forensics techniques,” said Ryan Ebsen, a senior computer science major. “We are simulating investigating a crime scene, cataloging evidence, and how to preserve the digital evidence.”
