Students learn important secrets behind cyber forensics


If any computers or smartphones were to be confiscated during the investigation of recent identity thefts at Ball State University, BSU instructor Vinayak Tanksale's students would know what to do before examining the evidence.

"Let's say you go to the crime scene and have a warrant to take this computer back to the lab," he tells students enrolled in a digital forensics course.

First, you photograph it from all angles, including anything on the screen and any cards plugged into it. Then you take it to the lab and make a copy of the hard drive.

"You never actually work on the hard drive," he says. "That's like working on the murder weapon. You make a copy of the hard drive to investigate. You never want to touch the original one. If you change a single zero or one on the hard drive, that is tainted evidence … and your whole case may go down the drain."

Tanksale instructs students not to remove a smartphone from a crime scene unless it's placed in a Faraday cage to prevent connectivity to cellular networks. "If you walk away with a cellphone or smartphone, what if someone sends a text message to it?" Tanksale says. "A smart defense lawyer can say it was modified after you picked it up."

About 60 current Ball State students are digital forensics minors, according to criminal justice and criminology department chairman Greg Morrison. Required courses include criminology, policing, criminal evidence, criminal law, computer science, computer security, digital forensics and geographic information systems.

"I talk about the different threats and investigative techniques," said Tanksale, whose course includes lectures and labs where students search for a needle in a haystack containing gigabytes of data from real computer hard drives.

Identity theft is one of the threats, as at least 140 Ball State faculty and staff have learned recently. Their Social Security numbers were stolen and used to obtain fraudulent tax refunds in their names.

Other crimes that could be investigated by some of Tanksale's students in the future include credit card theft, cyber stalking through social media, industrial espionage, child pornography, script kiddies ("high school students who may want bragging rights that they can take down or deface websites"), state-sponsored hacking and phishing, the instructor said.

"An investigation is underway, but it looks like some sort of phishing attack, where an insider could have fallen prey to it and the hackers got in, took control of their office computer and used that as a launching pad to get more information," Tanksale says of the data breach that affected Ball State employees.

More than 90 percent of cyberattacks begin with a form of "social engineering," aka cyber con game, known as "spear phishing," Paul Buis, chairman of computer science at Ball State, told The Star Press of Muncie.

"Someone gets tricked into opening an attachment to an email that contains malware that slips past the malware detection systems on both the email server and on their own computer," he said. "If that someone has access to sensitive data, the hacker now has access too."

Instead of casting out thousands of emails randomly hoping a few victims will bite, spear phishers hack into a computer network or comb through websites, blogs and social networks to get some inside information on their targets to convince them emails are legitimate, according to the FBI.

Tanksale's students can become certified as forensic examiners of desktop computers, but BSU does not offer a specific undergraduate degree in digital forensics. Neither do Indiana University-Bloomington, Purdue University-West Lafayette, Ivy Tech Community College or Indiana State University, spokespersons at those schools told The Star Press.

However, students at Purdue can earn a doctorate with a specialization in cyber forensics or a master's specializing in cyber forensics, homeland security, and information systems and privacy.
