Three times every year I get the pleasure of teaching a course that you may describe as a "capstone" course, sometimes "capstone project." Either way, it's a course that serves as a capstone in the masonry sense that it is a culmination of a degree program, to wit a master of science in digital forensics. When a stonemason constructs an arch its structure demands a capstone at the apex. It's the final piece at the arch's top center, and practically locks all the other pieces in place. Likewise, the graduate degree program I oversee includes such a course, which tests students on their abilities to call upon an entire curriculum of study, apply it, and create a final project. For the sake of trivia, I never entitle the course with the "capstone" nomenclature, though the metaphor stands (like the arch if properly built). It's simply the Digital Forensics Project.
For me, it's so engaging and fun. Students, despite their proclivity to share positive notes while awaiting a score in such a course, have also regularly expressed how intriguing and enlightening the project is. You too will find it interesting if you've ever considered trading technologies in the used marketplace, such as buying others' gear or selling your own to finance an upgrade perhaps.
First, let me share a glimpse into the coursework that these advanced students bring to the table when embarking on the project. They come into the program with various technology backgrounds, from rote techies who code and program to non-techs with science backgrounds, business, real estate, many cops, all walks really. They take nine or 10 courses surrounding the field of digital forensics, which basically is a discipline not too different from the forensics you see in TV shows or movies. Some negative incident goes down, murder on a TV show, or hacking in this arena. Then, forensics smarties arrive at the scene and cordon it off. Again, in movies, it's usually demonstrated with yellow police tape. From there, the similarities continue: bag and document the evidence; analyze it in a lab setting via the scientific method; use special tools and techniques to find "the truth," always the goal of forensics. Students in the program take courses on browser forensics, Windows forensics, malware analysis, and evidence gathering. They learn to get into phones and mobile devices. They gather scores of digital investigative tools along the way, and are treated to communications skills to survive a witness stand.
Project students get an opportunity to go through the process in as close to a real-life scenario as I can bring to bear in an academic setting. My "law firm" hires them to serve as a digital forensics investigator in order to advocate for my client, one side of a marriage dissolution dispute. She's given me, therefore the student, legal access to her family's laptop and devices. We want to discover as much potential evidence that supports her claim as possible. Now … [to the student] … Go!
Here's where your world may be implicated, or why you should be on guard. Students go into the open market of used technology for sale to purchase at least two drives. If you're a savvy information security operator, I mean truly savvy, you won't find yourself on the selling end of that bargain. If you know just enough to be dangerous, you'll sell your iPhone 6, Windows 7 machine, or such, but only after "deleting" the data. Notice I put the onerous quotation marks around "delete" because that's where my students enter the equation. Sure, you think you delete information. Guess what? Not that cut-and-dry.
Digital forensics specialists, my students included, have gobs of tools and tricks available that see what you thought they could not. To boot, the vast number of sneaky tools are open source, which for the uninitiated means free. That's right. Some of the most eye-popping software applications that can find what you thought never could be found don't even cost your hard-earned scratch to use. Deleted an email? Uhh … I beg to differ. Wiped your internet browser history? Betcha didn't really wipe it. There are ways to truly, forensically remove ones and zeroes. But, yet again, many of those are surmountable with counter-tools. It's a veritable arms race.
What do these students innocently enough find? I've had to notify law enforcement authorities and CEOs with those exact responses. Personal information out the ying-yang. Financial information? You betcha. Criminal conduct? Yep. Medical? Embarrassing photos? Mobile device backups with their piles of data and texts? On and on and on. And, how arduous was it to uproot? Nothing to it.
To me, these issues are evident. Anything that's got the capacity to hold data also has the faculty to show it to others. Professional investigators in this space know that. I've personally witnessed countless criminal cases being investigated where appliances, cars or trucks, WiFi routers, tablets, phones, and again anything that can store data has been dug into to find evidence. That's not even mentioning social media accounts and apps, and likely anything else that you can drum up in your mind's eye.
Sure, getting at your private information might need to surmount the legal challenges that stem from Constitutional protections. But, once you've shipped your eBay item off to have $47 dropped into PayPal, you effectively gave up those protections. So, as per usual when I kick around the fears and burdens of modern technology, what's a goodly user to do?
First, I suppose, you should not sell anything that stores important information. I have somewhere in a random box of office stuff an iPhone 3. Why? Not for nostalgia. It's because I'm reluctant to put the data into the marketplace. Come to think of it, maybe there's no "Secondly … " to list.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at email@example.com.