Project 5: Workforce Development in the post-pandemic new-normal

Leads: Drs. Iyengar, Ross, Col Miller (FIU)
Co-Leads: All PIs and Co-PIs

Introduction

In developing the workforce, we propose as our first task to analyze and develop pathways for motivating, recruiting, training, and maintaining minority and underrepresented students to aspire to government service, especially in digital forensics, cybersecurity and STEM areas. Each university currently has a pathway forward for its students and the projects they will be undertaking (see Appendix 1. Recruitment and Assessment). We will investigate the efficacy of these programs and provide collaborative workforce education and training through academic year research, summer programs, educational curriculum, seminars and workshops. We will optimize the use of Zoom video conferencing, Microsoft Teams, and other virtual presence opportunities, as well as each university’s “Lessons Learned” during the COVID-19 pandemic, to build a responsive research community and participate together in all aspects of the university educational, research and training experience. Mentors from business, industry and government will participate in these sessions to help develop mentoring relationships across the FINDS Research Center for students, as well as faculty at all levels.

Faculty and Student Research Collaboration

During the academic year, undergraduate and graduate students at each of the universities will be engaged in project research for the program as outlined in this proposal. Faculty members and students from each of the participating universities will meet monthly via Zoom or other virtual means to collaborate on the research, discuss progress of the research projects and exchange information on courses and mentoring, including discussion of US Army opportunities and government/industry workforce opportunities upon graduation. This will include recruitment of other undergraduates and Masters/Ph.D. students, and encouragement of minority students in research programs to seek ARL/AFRL summer internships and future employment. They will be introduced to digital forensics, as well as the role of DoD researchers and practitioners. Skills will be developed through hands-on learning.

Summer NFSTC Training Week in Applied Digital Forensics (Selected Students & Faculty)

Five selected students and their faculty members will be hosted by the NFSTC (a part of FIU) in Largo, Florida, for one week to complete an intensive, hands-on training program. The activities will include:

  • Day 1: an introduction to digital forensics and an overview of digital forensic triage and tools.
  • Day 2: analysis, utilizing FTK, Magnet AXIOM, and Autopsy to analyze the imaged media device. After analyzing and tagging items of interest, the students will create reports.
  • Day 3: drone data extraction – cell phone forensics using XRY, Cellebrite and other tools to perform extractions, bypass PINs, retrieve data, etc.
  • Day 4: students will perform network forensics to capture and analyze data.
  • Day 5: students will perform image and video forensics by capturing, extracting and analyzing data.

Upon completion of this training, the students and faculty will join the 4-week summer program at FIU (if pandemic conditions permit) or attend a virtual 4-week summer program online using Zoom/Microsoft Teams as interactive platforms, as described below.

Summer Research Experience

In a summer session, we will invite 5 minority/underrepresented undergraduate students from FIU and 5 students from the partnering HBCUs for an FIU-NFSTC hosted research program, providing an intensive research sprint, and opportunities to meet guest speakers, faculty and industry mentors. The first week will consist of a virtual digital forensics training program conducted by NFSTC in Largo, Florida, where students will be introduced to applied digital forensic research, conducting (where possible) hands-on, applied digital forensics work and attending Digital Forensics platform instruction. The program will consist of the following events.

Week 1
  • Intro and update on Research Fundamentals (Research 101) and US Government Opportunities in research and digital forensics
  • introduction to selected research topics
  • literature review of topics
  • identification of the research problem and research questions
  • development of a research methodology
Week 2
  • begin selected topic research throughout the week
  • presentations by invited speakers from US government research labs
Week 3
  • continue selected topic research throughout the week
  • additional invited speakers from the US government and a research wrap-up discussion
Week 4
  • develop a research poster
  • present research

Summer Projects for Student Training/Research

Students will work on the following projects, as well as open digital forensics research projects based upon the individual student and faculty member selection. These projects are designed to be conducted in a “sprint” environment.

Virtual Forensic Environment

The push to move digital forensic training online has created a desire to have a virtual environment in which to conduct training. The many hands-on tools and special circumstances involved have made this a unique challenge. While there are many current solutions for virtual forensic environments (see CyberFlorida and FIU E-Labs, for example), these do not fit our unique current and future needs: they provide an adequate platform only for forensic analysis work, but lack the often-overlooked collection procedures essential to the development of digital forensic examiners. These collection procedures are the foundation of the digital forensic process and are quite often given short shrift in training scenarios. We propose to address this shortfall through development of virtual Local Media Acquisition (the process of creating forensic images from media), Cellphone Acquisition (extracting information from cellphones), and Boot Scan Analysis and forensic triage tools used to bypass Windows passwords or boot a machine in a forensically sound manner. The process of acquiring information from the device is often the most important step in cell phone forensics. The hands-on aspect of this process, while difficult to replicate “virtually,” is invaluable, as it requires changing settings on the phones, plugging in cables and initializing phone processes to successfully acquire data. We propose to develop processes allowing remote boot of a device to an alternate OS while still having direct access to the hard drive/memory, making these processes extremely valuable to forensics examiners.

TrID: Command Line File Signature Analysis Tool

TrID is a command-line tool that performs file signature analysis to determine if there is a file extension/file signature mismatch. Some users have an aversion to the command line, fearing irretrievable disruption of the files. We propose to develop a simple graphical user interface (GUI) or batch file tool to execute the process. If successful, the project would enable the correct switches to be applied, which will not only identify mismatches but will amend the filename to include the correct file extension. Resolution of the project will provide soldiers with an expedient means of identifying file signatures in real time.
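The extension/signature mismatch check described above can be sketched as follows; this is an added example, not TrID's code or part of the proposal, and its signature table, function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Constructed subset of magic bytes -> extension; TrID's own definitions are far larger.
SIGNATURES = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpg"), (b"%PDF-", "pdf"),
              (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"PK\x03\x04", "zip"), (b"MZ", "exe")]
# Extensions that legitimately share one signature (container and PE formats).
ALIASES = {"jpg": {"jpg", "jpeg"}, "zip": {"zip", "docx", "xlsx", "jar", "apk"},
           "exe": {"exe", "dll", "sys"}}

def check_file(path):
    """Return (status, detected): status is 'match', 'mismatch' or 'unknown'."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    detected = next((ext for magic, ext in SIGNATURES if header.startswith(magic)), None)
    if detected is None:
        return "unknown", None  # no signature in the table: report, never guess
    current = os.path.splitext(path)[1].lstrip(".").lower()
    allowed = ALIASES.get(detected, {detected})
    return ("match" if current in allowed else "mismatch"), detected

def amend_extension(path, detected):
    """Append the detected extension, keeping the original name visible."""
    new_path = f"{path}.{detected}"
    if os.path.exists(new_path):
        raise FileExistsError(new_path)  # refuse to overwrite another file
    os.rename(path, new_path)
    return new_path

def scan(directory, fix=False):
    """Map each original file name to (status, detected extension, final name)."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        status, detected = check_file(path)
        final = name
        if fix and status == "mismatch":
            final = os.path.basename(amend_extension(path, detected))
        report[name] = (status, detected, final)
    return report

def demo():
    # Constructed header-only samples written to a scratch directory (a working copy).
    samples = {"report.pdf": b"%PDF-1.7\n", "holiday.jpg": b"MZ\x90\x00", "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as workdir:
        for name, data in samples.items():
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(data)
        return scan(workdir, fix=True)
```

Renaming changes file system metadata, so `scan(..., fix=True)` belongs on a working copy of the evidence, with the report kept alongside the original names.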

Rapid SEED: A Field Expedient Tool for Quickly Seeding User Data on Multiple Mobile Training Devices

Seeding user data on multiple training phones has been a manual, time-consuming process. The National Institute of Standards and Technology (NIST) published a Quick Start Guide for Populating Mobile Test Devices (NIST Special Publication 800-202), which provides procedures for documenting and populating various data elements typically found within the contents of a mobile device (e.g., mobile phone, tablet) to test digital forensic tools often used in incident response and criminal investigations. The most common smartphones used in training are Android devices, which are based on Linux. The most time-consuming part of seeding devices is the call log, SMS message, and MMS message data, but it would be optimal to seed all data fields in the NIST guide. We propose to develop a script or GUI that takes tables (in XML, Excel, or similar formats) based on the NIST guide and filled in with user data, and transfers that data to mobile devices. This would expedite data seeding processes. Multiple devices can be quickly seeded based on training scenarios, saving valuable field time for robust scenarios.

Digital Forensic Techniques in Real-Time Applications

The volume of available data requires exploitation of data streams and sources, and fusion of information through application of Artificial Intelligence/Machine Learning techniques. Data sources include cloud-based information storage and retrieval, Internet access to open-source and classified information through computer fraud and cyber-attacks, and information centric warfare disrupting instruments of national power. AI/ML techniques will be employed to develop new tools for extraction, data preservation and development of visually extracted data. Example projects with national labs and industry partners in this area would include the following:

  • Large-Scale Data Visualization (LSDV): Students will work towards identifying, preserving, and analyzing evidence to minimize threats using LSDV by cloud and GPU based programming in real-time. High performance computing is proven to produce “n” times faster outcomes.
  • Smartphone Forensics: Students’ research will focus on device triage, extraction, recovery and analysis to develop robust, reliable forensic tools. AI/ML techniques will be used to target/develop automated solutions to improve efficiency, speed, quality of investigations, as well as leakage.
  • Social Media Forensics: Students will experience the development of techniques to perform buffer analysis of web browsers and real-time evidence collection in messaging/chats for apps such as TikTok, which are currently limited due to large data.

Each of these projects will enable us to train the next generation of undergraduate and graduate students who will be able to develop improved forensic techniques and tools.

Digital Forensics Research Workshops

We will conduct two digital forensics research workshops as part of our overall effort. The workshops will take place during the fall semester of 2023 and in the spring semester of 2026. Each workshop would consist of two panels and a Future Concept Action Session seeking to outline innovative technologies and actions in developing new, transformational tools and techniques for digital forensics. The workshop approach would use a presentation and question-and-answer panel format to prepare the participants for investigating and resolving the research challenges. This would also serve to disseminate ongoing FINDS Center research.

Scientific objectives would be to address emerging research questions, as outlined in our current research projects and to address other issues that may arise as the science of digital forensics continues to emerge and transform. Of key interest in all panel discussions would be the rapid analysis, exploitation and defense of information to assure U.S. military dominance in all aspects of the digital information domain. The workshop results would serve as a starting point for additional research. The proceedings will contain a “Way Ahead” section identifying future research and operational activities, serving to inculcate findings into an actionable strategy.