Moot court experience allows students to apply digital forensics knowledge
July 30, 2009
Margaret Costello Spillett, mcostell@syr.edu
For the past several months, security officers at ForCorp Inc. have been investigating an employee over the possible theft of proprietary company information. The employee is suspected of having passed this sensitive material to competitors via a floppy disk found at his home. The suspect, however, claims that he did no such thing.
This was but one of the scenarios students of “Digital Forensics” (IST 600) faced during their moot court experience on July 16 and 17. The moot court experience, which served as the final exam for the course, required students to take the stand in the College of Law’s Bond, Schoeneck, and King Courtroom as digital forensics experts and use their in-class examination of a disk to testify.
“Forensic scientists have always been trained using moot courts, because moot courts are truly the final examination in life for a case,” says adjunct professor Mark Pollitt, the instructor for the course. “Scientists need to do moot courts to prepare themselves.”
Pollitt, a retired FBI agent who specialized in digital forensics, has taught “Digital Forensics” at Syracuse University for the past five years. He uses the moot court exercise so that his students can demonstrate all of their skills as communicators, teachers, technicians and investigators. The course was offered through the School of Information Studies’ (iSchool) Regnier Summer Institute.
“[The moot court] is really a great motivator and a great way to synthesize what you learn in the course,” Pollitt says. “If you know as a student from day one that everything you do is going to be under public scrutiny on the stand, then it works as a motivator to pay attention.”
Knowing the material for class and being quizzed by a professor is a challenge, but presenting the information as an expert witness in the courtroom is a completely different experience. One of the students said that when she was on the stand the entire class flashed by her, Pollitt says. Another commented that he felt like half of his brain shut down while he was testifying. Ali Al Hadwer was no different.
“I was so nervous,” says Al Hadwer, an iSchool student from Saudi Arabia. “Although I prepared very well for the moot court, I was able to learn many things from the way Mark discussed my investigation reports. You must be professional and stick to your report facts. I don’t hesitate to say that this class gave me the knowledge necessary to do my job as a forensic expert in the future.”
“Digital Forensics” may only be a weeklong summer course, but the intensive schedule allows Pollitt to give an overview of all of the important topics in the field, including forensic science theory, legal issues, operating system and hardware fundamentals, data recovery, forensic tools and examination planning design, all of which ultimately culminates in the moot court.
“I wanted to provide a survey class that would teach IM [information management], LIS [library and information science], and TNM [telecommunications and network management] folks some new ways of thinking about information and how to retrieve information in the context of criminal cases and in the context of law,” Pollitt says.
Pollitt teaches from personal experience, as he was the first FBI agent to become a computer evidence examiner in the newly formed Computer Analysis Response Team (CART). He was then promoted to FBI headquarters, where he led the CART program and helped it grow to a group of more than 250 examiners. In 2002, he became the director of the FBI’s Regional Computer Forensic Laboratory Program, working with law enforcement agencies on the federal, state and local levels to build digital forensic laboratories throughout the United States.
Pollitt says that a common problem for students is that many come into the course thinking digital forensics is just like what they see on TV.
“‘CSI’ is to real forensics what ‘Scrubs’ is to the emergency room,” Pollitt says. “What’s worse is that it creates some unrealistic expectations, which I think is sad because there’s so much good and interesting stuff that we still need to learn how to do in forensics, not just digital forensics.”
Although forensics, especially digital forensics, is very specialized, having a background in this field may prove to be much more useful and profitable than students may realize.
“Forensics is a very specialized subset within many of the professions you can enter that affect the world,” Pollitt says. “There are plenty of opportunities, whether in criminal intelligence or electronic discovery.”
In fact, research firm IDC recently estimated the U.S. digital forensics market to be worth $630 million in this year alone, compared to $252 million in 2004. The international market is expected to reach roughly $1.8 billion by 2011, Pollitt says.
As awareness about digital forensics grows, Pollitt hopes to further develop the course to address imminent problems in the information field.
“My goals are to provide all of our students, particularly the IM majors, with an appreciation of how forensic methodology, if not forensics itself, can help them frame and solve some of the information security problems,” Pollitt says. “I want to provide LIS folks an opportunity to think about information in a different context than they are used to doing, and what I want to do for all of the students is to develop an awareness of the social implications of cyber crime and information security.”
Within a week, students have gone from knowing nothing about digital forensics and what it entails to being able to scientifically analyze data and to use this knowledge to testify in court.
“‘Digital Forensics’ was an unforgettable class,” Al Hadwer says. “I enjoyed every moment in the class.”
The feeling is mutual with Pollitt. “My experiences with the students in this class have been wonderful,” he says. “I’m very pleased to be able to do this here.”