Professional Documents
Culture Documents
Isearch
Isearch
Introduction
Every single day, even right now, as you are reading this, some sort of cybercrime has
been committed. Whether it be a credit card company or a celebritys cell phone being hacked,
or perhaps the government gaining intelligence on other countries. Cybercrime, especially with
the development of technology, in recent years, has increased. Directly leading to the emergence
of digital forensics, the uncovering and examination of evidence located on all things electronic
with digital storage, including computers, cell phones, and networks (Garfinkel, 2013). Due to
this field being so new, more research needs to be done and this field has yet to implement
concrete standards. Each cyber forensic scientist can solve a case in various ways.
In 2016, around 40% of the world or more than 3 billion people have access to internet
compared to a measly 1% in 1995 (Internet Live Stats, 2016) showing how easily accessible the
internet is now more than ever before. The risk of malicious attacks on the internet and cyber
space has also increased more than ever before, especially when it pertains to money and
2
politics. An example of a personal attack of cyber security breach would simply be a hacker
breaking through the security firewalls of your phone, enabling them to control every bit of your
phone. Hackers of this caliber usually want one thing only money. Therefore, their usual
scheme is to dial and redial a premium phone number such as a 1-800 telephone number, the
hacker then gets a cut of the charges, wiring the money to their own accounts. If done discretely,
victims would never know, however if a hacker could do this to multiple phones simultaneously
the money adds up quickly, as high as $200,000 per company hacked over the course of a few
On a national level, the bank Wells Fargo was found to have had employees illegally opening
unauthorized deposit and credit card accounts to boost sales figures luring in stock market buyers
(Tara, 2016). However, using the analysis of digital forensics and a Wells Fargo audit, the truth
was revealed. On the political and global level, American intelligence agencies have informed
the White House that they have high confidence that the Russian government was behind the
hacking of emails and documents from the Democratic National Committee, however, what is
unknown is whether the break-in was a routine cyberespionage which most countries including
the US conducts around the world or a deliberate manipulation of the presidential election
(Sanger, Schmitt, 2016). There have also been even more threats about perhaps more
manipulation from Russia, this time during the actual election day and the threat of changing
votes of Americans. With these possible breaches looming the role of digital forensics is
imperative.
With the growing epidemic of cybersecurity breaches, the opportunities for the field of
digital forensics grows with it. The need for specialists have been high and has been growing
each year. The 2012 US Bureau of Labor Statistics showed that forensic experts in computer
3
information could have an impressive growth within the next 10 years. They projected a 22%
increase for job opportunities for people working in the field, that could mean 120,000 new jobs.
Furthermore, the government itself willingly funds college programs during the summer to
spread awareness of the importance of cybersecurity and to hopefully get more young
At this camp, the professors discussed the real-life implications of any cybersecurity breach.
Many programs were taught to us to battle any data breaches and to decipher any hidden
information so only a certain person can decipher the message. General computer skills were
also such as coding via the Python language as well as general computer safety.
With this capstone product, I would like to create a product that could give my fellow
Ocean Lakes students the same experience I had during the summer. I plan on creating an
interactive website that I will present to a computer class. I intend for them to be exposed to this
whole field of digital forensic, hopefully walking away with an idea that this field exists and is
thriving as well as in desperate need of young individuals with already great general computer
science and each of my past symposium projects have pertained to forensic science. I know the
basic facts of forensic science. I know that one of the first times that forensic science was ever
utilized was in ancient Rome with Roman Quintilian used a bloody print to prove his clients
innocence. I know how vast forensic science is with many disciplines such pathology,
psychiatry, and toxicology to name a few. However, what I want to accomplish now, beyond the
4
facts, is to create a product that will give the same type of lightbulb moment I had during the
to July 1, 2016. The purpose of the academy was to provide a foundation of knowledge to
interested students about the very fast-moving industry of cybersecurity. The government funded
this camp due to the need for young students to get involved early because of the numerous
cyber threats the government receives every day. There is an emphasis to get young students
involved because our generation has been accustomed to using computers and we already have
type of computer evidence left on the scene of a crime. Cryptography deals with how to disguise
information so only authorized personnel may see it. We learned that combining substitution
(letter replaced by different letter) and permutation (letter moved to different position) would be
the best way to encrypt anything. Essentially when someone wants to encrypt a message through
email or anything that needs to be written out, they can have a code shifting either left or right.
A message hello tom with a right shift of 3 would end up being khoor wrp.
A similar idea of hiding images in files is when a carrier is sent to a receiver without
anyone but the sender and the receiver knowing. This is done to hide information, give secret
information to friends, and commonly used by the government and companies. This is called
steganography and the programs used to perform this was also taught to us via tutorials that
explained the step by step process. Through the carrier, WinHip, one must create a new file with
notepad, open a picture in WinHip, the program will hide a message in the picture, an added
security of a password. With QuickStego, like WinHip, a picture must be opened and a message
should be typed into the program so that it may hide it in the picture. The only significant
5
difference with the two is that WinHip has an added security of a password and in QuickStego
you do not need to type your message in notepad but into the program itself.
We were taught by Dr. Luay Wahsheh of the number system conversions which is the
language of numbers used to communicate what you want the computer to do. We learned
how to convert from one system to another. From decimal to binary you must divide by 2, from
decimal to hexadecimal you must divide by 16, from binary to decimal you must multiply 2 to
whatever exponent necessary then add and finally from hexadecimal to decimal you multiply 16
explored different types of programs and their purpose to a cyber security analyst. With
WinHex, the activity made me familiar with the different file types, this software allows you to
put in any file and helps you really determine what type it is because sometimes criminals will
deliberately change the file name to disguise it from investigators. For example a file type that
has .jpg will always have the code of FF D8 FF E0 but a criminal attempting to hide this image
would change it to a .doc file but the code will reveal the truth. Using FTK will maintain the
integrity of digital evidence, creating an image allows you to create a whole other copy of the
flash drive therefore investigators can delve into and change that instead of manipulating the
original piece of evidence. It is essential to create a copy of each acquisition. The procedure of
computer forensics goes as follows: collect, preserve, analyze, and present. We maintain the
integrity of digital evidence using the MD5 function in FTK Imager so that the digital signature
of a file or an entire drive can be obtained. This helps determine whether the file has been
modified of not. Hash box is also very essential, every time there is a piece of evidence this
learned all week to retrieve the grades and convict the correct criminals. The premise of the case
6
was some of Mr. Moores grades had gone missing and all his files had been deleted, however
we knew that although a file could be deleted, there is a possibility for retrieval. Therefore,
using QuickStego we were able to intercept a hidden message in a picture and using that as piece
of information we were able to use Caesar Cipher and figure out the password to an email
account that had the culprits plan all laid out. We were able to identify the suspects and
and the incredible professors teaching. I enjoyed talking to fellow students about cyber security
and it was a bit of a glimpse to college life. Through the camp, I got a solid foundation and grasp
as to what those in the cyber security industry do and how they do it. I also think that with the
information I have gained, I can really build up and create a great product.
Another program I attended was the GenCyber Security Summer Camp at Norfolk State
University from July 5 to July 15, 2016 from 9 am to 4 pm. This program was a much more
vast. It delved into the ideas of general computer ideas and computer science. We learned about
computer programming and coding in general. This was also funded by the government, again
department chair of the Computer Science department, Dr. Aurelia Williams came in and talked
to us about how important it is to be aware of the ethics that come within using the internet and
how at times with the job, ethics can be compromised. She described scenarios where a persons
privacy is breeched because of an ongoing situation and she also reiterated how nothing can ever
be deleted, even once you delete a file, it can be retrieved in many ways. The reasons why we
use cyberspace include communication, staying connected to friends and family, business,
managing transportation, electricity, banking, and for entertainment purposes. We then were
7
networks, programs, and data from unintended or unauthorized access, change or destruction.
To continue delving further into cybersecurity, we learned about the ten topics within it.
There is cybercrime which is any criminal activity carried out by means of computers or the
internet. Email security refers to the collective measures used to secure the access and content of
an email. While identity theft is the fraudulent acquisition and use of a persons private
identifying information, usually for financial gains. We also learned about copyrights which are
laws that protect an authors original expression in creative works such as writings, music,
movies, art and other works of the imagination. Cyber ethics was also talked about which is the
code of behavior for using the internet, similarly we talked about internet safety which states that
it is imperative to avoid individuals who have negative intentions. Other topics include E-
commerce, the using of the internet to do business such as buying and selling goods and services
online. There is also digital photography which is using digital technology to capture and
process images which is similar to the other topic of online communication which includes
chatrooms, instant messaging, and text messaging. Finally there is the topic of cyberbullying
which is bullying through internet applications and technologies such as mentioned with online
communication. We were then divided into groups and my particular group presented the topic
of cyberbullying.
The next day we were taught about the 10 principles of Cyber Security. Resource
encapsulation is the idea of combining elements to create a new entity. While layered security is
combining multiple security controls to protect resources. Information Hiding is hiding the
summarizing in a way that can be easily understood. Simplicity is the concept keeping software
number of ways it can be exploited. Another principle is domain separation which is a way to
separate data into logically-defined domains. Modularization is the degree to which a systems
components may be separated and recombined. Process Isolation is the segregation of different
software. And finally, least privilege is the practice of limiting access to the minimal level that
language of Python. We used an online program called Code Academy which included tutorials
and interactive activities. The basics of Python was introduced to us. There are variables used to
store values while whitespace is used to structure code. There is also a string which includes
letters, numbers, and symbols. Each character in the string is assigned a number which is the
index. Sting methods allow the person who codes to perform a specific task for that particular
string. For example you would type lower(number of particular string) to get rid of all
capitalization in the string. These principles, topics, and coding concluded the first week of this
camp.
The second week focused specifically on cybersecurity, we learned about the programs
that help find evidence much like what I did in the first camp. We discussed cryptography
through Caesar cipher, steganography through QuickStego and WinHip, how to acquire and
verify data through WinHex and FTK Imager. Much like the previous camp we had to use our
acquired skills and help solve a case. This time though, someone had stolen the money needed
for the students to eat their lunch in the caf at NSU. We tracked down emails, and purchases
from a certain computer using that money and we were able to find the culprits.
Within the week we also had guest speakers who talked about the importance and
emergence of cyber security. Mr. Darren Spence, a forensic examiner, was our first guest
speaker. He provides service to special agents, works for Computer Analysis Response Team
(CART) and what he experiences is nothing like you see on television. He stated that the US
9
governments 3rd priority now is cyber security. His responsibilities include managing lab
equipment, staying current on technology, community outreach and also works with cybercrime
officer at NSU. He is in charge of making sure the internet is running smoothly as well as
making sure the students are staying safe on the internet. He encountered a dilemma a couple
years ago in which HBO filed a lawsuit against a student for illegally downloading a Game of
Thrones episode and breaking copyright laws. He had the task to further look into the student
and found many songs and movies illegally downloaded. The case was settled but the student
had to pay approximately $22,000 for a song and $250,000 for a movie.
Our final speaker was a young entrepreneur, Mr. Deshaun Jones, who currently works for
a shipping company in Norfolk. His job is to keep their website safe and free from any threats.
He protects the computers network from unauthorized access, vulnerability and attacks. He
plans on establishing his own cyber security company providing a safe environment for
companies and people. He mentioned how much the field is growing because of the ever-
changing ways of technology, there is about a 11.3% annual growth rate in the field and one of
the many reasons is the roles vary in cyber security, you can work for a retail company,
businesses, the government, everywhere you look there is a need for a safe cyberspace.
I think the first week of the program was very helpful especially learning coding and the
fundamentals of computer science and digital forensics. However, the second week essentially
repeated the previous camp. Although repetitive, it did help solidify my skills and I was able to
help out my peers a lot. This camp was for middle school and high school students so compared
whole plan was to use the web language Python to create the site, however I later found out that
10
the easiest way was to just use notepad and write in HTML. The hardest part for me was nailing
the interactive part of my product. I had this whole vision of me recreating Code Academy and
letting my audience have a go at coding, however I did not have the ability to do this. I had all
these ideas that werent really plausible with the set of skills I had. I needed to re-evaluate the
situation and make a product that did fit the set of skills I had.
With HTML, I was easily able to have the basic outline of my website. I knew I wanted
5 pages to truly capture the essence of the camp as well as cybersecurity. The home page
includes a little introduction of the purpose as well as a little information about myself and my
experience. Then the next page, titled Relevance showed the importance of cybersecurity in
our society today. To further prove this, I included current events, as well as events that effect
people locally, nationally, and even globally. Next, I titled Sneak Peek to which I give the
audience a general idea as to what the camp was about. Then for the next page I titled
Implications which talks about the future of cybersecurity and what it holds for students, to
prove the point I added a little snippet of the live count of how much internet users are growing
showing the direct correlation of the need for cybersecurity and the count. And finally, to
incorporate a little interactive part of the website like I originally planned, I had the idea to create
a quiz for the audience to take and see if they are ready and if they should go to the cyber camps
at NSU. Again, I came across some trouble with trying to directly create it in the website. The
type of quiz I wanted to incorporate was a checklist quiz like on Buzzfeed. So instead of coding
a quiz directly into the website, I created a Buzzfeed account and made a quiz that way, then
Lakes. However, the first due date, I was not ready because of the difficulty I had with the
coding and interactive parts so I wasnt able to present. Then going into the winter break, I got
11
in contact with my peers from the camps in which we all greeted each other happy holidays. That
sparked an idea for me to create a website specifically for NSU. So, that I may advertise the
camps through which I can share my experiences as well as the significance of cybersecurity to
those who are interested and in addition to that I get to dip my foot in a little bit of web
designing.
The hardest part for me throughout the entire journey was time management and just
committing to one audience. I always almost had everything finished, but there was always a
missing piece. My website was ready but there was an interactive piece that I just couldnt quite
figure out. My paper was ready but the conclusion was missing. I know I should have managed
my time better and committing to an audience would have extremely helped. I knew that my
eventual product would be a website, it just wasnt clear as to who my audience was. The entire
purpose of my product is to inspire and encourage those who are interested in computers to really
see what cybersecurity had to offer. Like mentioned before, the original plan was to present to
my peers in Ocean Lakes, but I ended up creating a website for NSU promoting the camps. I
think that I made the right decision because I really wanted to give back to the organization of
NSU as well as my mentor, Dr. Cheryl Hinds. I think having this website can really show kids
interested in the camp what its all about from a student perspective. I also believe that I would
not have been able to sufficiently entice my peers if I did present to them my website. I know
that most of them already knew most of the information so I thought long and hard about what I
was most comfortable with and what need I could better fulfill, and I decided my audience would
sent her a website that I created while she provided me her comments and suggestions as to what
I needed to do to make it better. I did have some grammatical errors on the site. There were also
12
a couple of images that she didnt believe were needed or related but the rest were. She also
suggested in making the website more personal so she offered to give me the pictures taken
during the camps. There was also one embedded website that did not work so I had to fix it.
With this feedback, I realized even more, how important the visuals of a website are. If you want
your audience to truly grasp what you are saying, the website must be aesthetically pleasing.
Dr. Hinds also suggested changes for not only the aesthetics but also the actual content.
For the part in which I titled Sneak Peek she recommended that I state what we learned and
what we did in each camp since my description was quite vague. Also for the web page titled
Implications she encouraged me to give more statistics about the job outlook of the
cybersecurity industry. To really make a website work, I needed it not to only be visually
appealing but the content also needs to grab the attention of the audience as well as engage.
With the feedback she gave me, I followed her suggestions which made the website much more
made. But furthermore, I am proud of the experiences I had during it all. I have gained so much
knowledge inside and even more so, outside of the classroom. With this journey, I have gained
amazing friends who hold the same interests as me and will always check up on me from time to
time. I have also gained a person I can look up to and will always be grateful for, my mentor, Dr.
Hinds.
As for the future, I envision myself taking computer science classes as well as computer
programming or web development in college. Which at the very least, I will take those classes as
an elective. I am not 100% sure on what my future has in store for me pertaining to my school
choice or major, but I absolutely believe that I will be involved in computer science and
References
Forensics Scientists Career Outlook & Salary Info. Retrieved from
http://www.forensicscolleges.com/careers/forensic-scientist
Garfinkel, S. (2013, October). Digital Forensics. Retrieved from
http://www.americanscientist.org/issues/pub/digital-forensics
Internet Live Stats. (2016, October). Internet Users in the World. Retrieved from
http://www.internetlivestats.com/
Perlroth, N. (2014, October 19). Phone Hackers Dial and Redial to Steal Billions. Retrieved
from http://www.nytimes.com/2014/10/20/technology/dial-and-redial-phone-hackers-
stealing-billions-.html?_r=0
Sanger, D., Schmitt, E. (2016, July 26). Spy Agency Consensus Grows That Russia Hacked
consensus-grows-that-russia-hacked-dnc.html
Seals, T. (2016). Wells Fargo Pays Largest Consumer Fine in US History. Retrieved from
http://www.infosecurity-magazine.com/news/wells-fargo-pays-largest-consumer/
14
Appendix
This page shows how significant and relevant the industry of cyber security is and to show this,
current events are included.
16
To give the audience a little taste as to what the camps at NSU were like, this page was created.
It states some of the topics covered in each camp.
17
This pages purpose is to give students an idea as to how the field is significantly growing and
continues to have a bright future. Statistics of growth as well as salary of those in the
field are provided.
18
The final page is an interactive quiz in which the picture can be clicked and will redirect the
students to a Buzzfeed quiz that determines if you would be ready for the camps.
This is an example of the coding done for the website in note using HTML to create the website.
This was the coding done for the home page.