vnunet.com analysis: OU tackles computer forensics

Fears of corporate espionage, malicious staff and disputed trade deals has led to the Open University's first course on computer forensics to be heavily oversubscribed.

The post-graduate Computer Forensics and Investigations course starts today, and prospective students have been bumped to the November 2008 course since March.

Concerns over untrained IT staff destroying important evidence has fuelled interest in the course, which is intended to provide an introduction to digital evidence collection, forensic computing and IT incident management.

The course is described as enabling people to know what to do as the 'first responder' in the initial stages of an investigation. The view is that these cases may form the basis of criminal or civil actions.

Specially commissioned material has been written by Professor Peter Sommer, a legal and technical expert in the field, who has acted as an expert witness in cases ranging from terrorism and fraud, child abuse and hacking to corporate espionage, defamation and murder.

"One of the problems I and others have noticed, particularly within organisations, is that evidence that might have existed in computers gets wrecked the first hour or so after something has been discovered," said Professor Sommer.

"People just do not know what they are doing. They are floundering and destroying evidence."

OU students have already received a sealed replica of a police evidence bag as part of their course material. They can open it only when they have learned the skills to handle the evidence correctly.

Blaine Price, an OU lecturer and course chairman, said: "We will spend the first three weeks drumming in what it means to be forensically sound.

"A first responder is like a first-aider: you need someone who knows not to move the patient. That is the level of this course."

As well as using computer forensic tools during investigations of specially prepared scenarios, and reviewing landmark digital crime cases, students will be taught that understanding legislation is an important component.

Students need to get to grips with the Computer Misuse Act and the Regulation of Investigatory Powers Act, among others.

One of the cases students will look at is the 2005 conviction of computer consultant and penetration tester Daniel Cuthbert.

Cuthbert had gained unauthorised access to the Disaster Emergency Committee's Tsunami fundraising website, but claimed that he was checking to see whether the site was legitimate and sufficiently secure to hold his financial details.