Archive for October, 2009

A quiet week – but new material on the book website

Posted on October 27, 2009. Filed under: 1 | Tags: , , , , , |

A fit of conscience overtook me today – having spent the last couple of weeks working on a contract with the University of Ulster (I’m helping to rewrite their distance learning module on Forensic Science and Crime Scene Science) and negotiating my Visiting Academic title, I suddenly remembered that I’ve been neglecting the book website. A new set of exercises for Chapter 3 is, therefore, online. (See for more)

Meanwhile – life as an independent is getting interesting. Planning of training courses has moved on and it looks like November will see the start of the first one (on seizure and handling). Calls about the regulator’s proposals are also arriving and my concerns about how to demonstrate “fitness for purpose” no longer seem to be unique to me. There are ways of doing this, but it will required the industry as a whole to get behind the project and agree the mechanisms properly.

And finally – something I can’t talk about – but it’s an interesting one. When this “secret squirrel” job is over, I might hint at some of the details.

Read Full Post | Make a Comment ( None so far )


Posted on October 21, 2009. Filed under: All, Education | Tags: , , |

Over the years I’ve had a number of enquiries about becoming a PhD student within my fledgling research group (when I had one). Every single one of them seemed to think that a) I had plenty of topics for them to work on and b) I had lots of money to fund them.

Let’s get a couple of things straight – in the UK, very few universities or other research organisations have funding for PhD research unless it is associated with an established high profile programme with external funding allocated to it. The majority of PhD students are, therefore, financed by themselves, their employers or their governments.

This also means that, although the potential supervisor (Director of Studies in PhD-speak) might have a lot of good ideas it is morally and ethically dubious for him or her to attempt to dictate the topic to the student. A secondary issue is that it is very difficult to judge the ability of a potential PhD student from just a CV and a few lines of references. For this reason, most responsible DoSes will ask the applicant to come up with a research proposal – usually of one or two pages – to allow them to assess the candidates suitability. They should also ask the crucial question “who’s paying? ” (strangely enough, once this question is asked about 75% of applicants give up – makes you wonder what the motivation was really ? )

The proposals are quite informative – some are just page after page of material ripped from the ‘net (do you think we really don’t know the sources better than you do ? ) and go straight into the bin whilst muttering the word “plagiarism” again. Others read more like the sort of essay one would expect from a school pupil. Poorly referenced, ill-thought out and full of journalistic tone and opinion. The good ones, though few and far between, are a joy to read. They contain a properly considered argument explaining what the general research area is, have an indication of what the critical research questions might be (these haunt PhD candidates for the rest of their lives…) and how they might be answered. There will be proper references to published recent papers on the subject (not just a list of books and webpages).

So – if you’re thinking of applying for a PhD – prepare first – please don’t just send an e-mail asking if there are any PhD place – tell the potential DoS what you want to do and it’s going to be paid for – that might get you to the next stage – the interview. At that – there will be one crucial question : “Why do you want a PhD ? ” – and there is a right answer to that – but I’m not going to give away all the secrets now.

Read Full Post | Make a Comment ( None so far )

Credit, debt and security

Posted on October 14, 2009. Filed under: All, forensic, life | Tags: , , , , , |

Sitting at home with nothing but the radio and daytime TV for company is an interesting experience. I tend to keep the TV on while I’m working just to have some background noise and movement.

One thing I’ve noticed recently, though, is that there’s a steadily growing number of adverts for “pre-paid credit cards”. Let’s just review that for a moment – pre-paid credit cards.

Now – a normal credit card is really a debt card – i.e. a token which represents a notional sum of money which someone is willing to lend you, and in the UK such things are governed by the consumer credit act. This makes the lender jointly responsible with the retailer and can give a handy degree of protection if something goes wrong with a purchase.

Then we have debit cards – which are a mechanism for getting access to such funds as are available in a bank account and nothing more, unless an overdraft has been agreed. These are not governed by the consumer credit act.

So, where do pre-paid credit cards lie ? Well – the process is simple – the user “loads” cash onto the card, just like making a deposit into a bank account – in effect, giving the card company an interest-free loan. When the card is used, only the available balance in the account can be spent. These cards are being marketed as a way of controlling your own spending without having to carry cash.

So what is the card ?

To me, it looks very like another form of debit card with none of the consumer protection of a true credit card and fewer of the checks required to open a bank account.

I’ll go further – the adverts seem to be targeting the age group who traditionally have problems getting credit cards because of age and low income. These cards look like real credit cards and can be used in much the same way BUT have less protection – even less since chip & PIN was introduced.

Ah, chip and PIN – I hate this system. Under the old scheme where the bearer had to sign the slip, the retailer could be held liable for fraudulent transactions because it could be claimed that they had failed to check the signature properly. With chip and PIN the responsibility shifts and the first claim is that the card holder has not protected the PIN properly. Don’t get me started on abuse of CVV for mail order and Internet transactions…

So, now we have a card with low initial requirements, no consumer credit act protection and nothing significant in the way of proper anti-fraud mechanisms.

Oh dear. I can see at least 6 criminal activities which would benefit from these cards already.

Read Full Post | Make a Comment ( 7 so far )

Book website & academia rears its ugly ugly head again

Posted on October 12, 2009. Filed under: Education, forensic, life | Tags: |

Never put off till tomorrow what you can leave to next week – seems to have been my mantra as far as the book website ( ) is concerned. However, now I have iWeb on the Macbook, progress is being made rapidly. Exercises for chapters 1 and 2 are already up and I’ll probably have something for Chapter 3 done within the next hour. Those who’ve sat through my lectures or conference presentations on the topics may find some of the example familiar, but I’m bringing them up to date with some stuff based on real casework.

iWeb is proving to be a really nice bit of software to work with, not least because the HTML it generates actually passes W3C validation at the first attempt. The automatic build of the navigation menu is a nice touch too. OK, so it’s still producing simple basic websites without much backend structure – but as a tool to get content online in a clean and usable form in a hurry it scores 9/10 in my book (nothing ever gets 1o/10 btw. – well maybe once in a lifetime)

Latest news : It looks like I’ll be retaining my links with academia as I am in the process of discussing a visiting lectureship with another University. It’s an unpaid post, but allows to me use the title when it is beneficial for research/funding and similar projects.

Read Full Post | Make a Comment ( 2 so far )

The Internet as it was meant to be ;)

Posted on October 6, 2009. Filed under: All | Tags: , , |

The really interesting bit about this is not the technology, but the business model behind it. The newspaper rep. admits that they don’t expect to make any money at all from it – how times change…

Read Full Post | Make a Comment ( 1 so far )

Fitness for purpose

Posted on October 2, 2009. Filed under: All, forensic | Tags: , , |

The last draft of the Forensic Science Regulator’s standard for digital evidence laboratories contained 6 principles – the well-known ACPO 4 plus 2 others. One states that the investigator is responsible for the evidence and their own actions and the other says that the provider “shall have the ability to demonstrate that all tools, techniques and methods are fit for purpose”.

Leaving aside the thorny issue of what exactly is meant by “having the ability to demonstrate” something and what the heck “fit for purpose” means in this context, there is a bigger issue.

Does this mean that every digital evidence lab., no matter how big or small, is going to have to carry out validation and verification of everything it uses ? If so – it’s going to be expensive and time-consuming. Given that most labs. in the UK (including Scotland, NI, Wales and England) use a few commonly available commercial tools, I think there’s a better way.

If we, as an industry, get together and fund a proper independent national validation service which can carry out the tests on our behalf then we can all benefit from a common set of standard tests being carried out just once. Not only that, but the service can itself be subjected to accreditation as a testing lab., giving an additional level of confidence in the results, for all.

Funding is clearly the issue, but if each user organisation subscribed to such a service for say £2500 per annum, the service would have a budget of around £250000 to work with – enough to employ some very good people to do the work. If some of that money is used to fund research students and/or projects then it could be the start of something very very big indeed.

The first employee is ready and waiting – I just need a few more industry figures to support the idea.

Read Full Post | Make a Comment ( 1 so far )

Parasites ? Part 2

Posted on October 1, 2009. Filed under: All, forensic | Tags: , , |

AC and I have done some more thinking and talking about parasitic and symbiotic cloud computing and we have, more or less, come to the conclusion that there are more than just two categories. I’m not going to post much more about it here because we are now working on a paper to express the concepts more fully.

Will it help with investigation ? I have no idea – but I have certain fondness for anything that helps to characterise and classify systems and/or behaviours. It’s just possible that if we can describe the nature of the elements in the cloud, we can identify the more fruitful approaches to investigation.

Read Full Post | Make a Comment ( None so far )

Parasites ?

Posted on October 1, 2009. Filed under: All, forensic | Tags: , , |

Yesterday I wrote something and used the phrase “parasitic cloud computing”. Thinking some more about it – we already have “parasitic clouds” in the form of botnets produced by malware – the stuff I’m really interested in should be called “symbiotic clouds”, but the two are closely related and may turn out to be different aspects of the same phenomenon.

Gosh – it’s nice to have time to think about these things at last!

Read Full Post | Make a Comment ( None so far )

A general comment

Posted on October 1, 2009. Filed under: All, Education, life | Tags: , , |

on modern bureaucracy. I’ll bet you all think you know who this refers to – and I’ll bet you’re wrong too.

Read Full Post | Make a Comment ( None so far )


    This is the weblog of Angus M. Marshall, forensic scientist, author of Digital Forensics : digital evidence in criminal investigations and MD at n-gate ltd.


    Subscribe Via RSS

    • Subscribe with Bloglines
    • Add your feed to Newsburst from CNET
    • Subscribe in Google Reader
    • Add to My Yahoo!
    • Subscribe in NewsGator Online
    • The latest comments to all posts in RSS


Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: