Graduates of the University of Southern California’s computer and digital forensics degree program have nabbed jobs in cyber threat intelligence at Sony Pictures, incident response at Cylance, cyber intel at Lockheed Martin, and other covert or highly sensitive operational outfits.
Intrigued? We certainly were, so PCMag took the Expo light rail (driving is so over in LA) to USC’s downtown campus, and met with Dr. Michael Gregory Crowley, Associate Professor of Information Technology and Computer Science Practice, and Joseph S. Greenfield, Associate Professor of Information Technology Practice.
Greenfield came up with the course concept while working professionally at computer forensics firm Maryman & Associates, which showed him what the industry needs today. Perhaps one of his students can help Facebook with that audit of Cambridge Analytica.
Here are edited and condensed excerpts from our conversation:
Firstly, Dr. Crowley, give us some background on why this course is needed, particularly today.
[MC] Cyber threats and vulnerabilities pose a serious global economic hazard, and we’ve found the industry has a high demand for students, like ours, with practical cyber security and digital forensic skills. We know that computer forensic skills provide an excellent way to gain government or law enforcement employment at the local, state, or federal level, or within the private sector.
Talk us through what students learn here.
[MC] Joe needs to take that question, as he’s the curriculum guy.
[JG] I studied computer science here at USC, and even though there were elements of the course that focused on digital forensics, after I started working in the industry itself, I could see what was needed. I essentially built out the program that I wish had been here when I was an undergrad. Now we have one of the most extensive courses in the US.
Do you teach undergrads how to pull apart hard drives with tweezers?
[JG] [Laughs] Not quite to that degree. But they certainly learn how to remove them from computers, connect them to Write Blockers and investigate what’s going on inside. We’re trying to make students as industry-ready as possible. That’s what makes us unique—all of our faculty are real-world professionals—not just research academics.
How is the course structured?
[JG] This is another thing that, we feel, makes us unique. We frame the course as a real-world case—we present it to the students, they have to come back with a crime report, defensible in court. We even take them downtown to the L.A. County Courthouse so they can practice in front of a real judge. It’s a great experience, and properly nerve-wracking for them.
Which computer software platforms do you use within the course?
[MC] We make sure our students are exposed to as much as possible, including EnCase [and] Forensics Explorer. We’ve just recently got licenses for Magnet AXIOM, BlackLight, MPE+, and we’re considering purchasing FTK. We also train our students on open source tools like Autopsy.
What do you need students to be expert in before they arrive?
[JG] We do trial-by-fire. There’s no prerequisite, but by the end of the semester, they have to be able to code an MD5 password cracker in Python.
So they better know stuff before they come, or be prepared to slog through online tutorials during nights and weekends?
[MC] [Laughs] To be fair, we are having a massive curriculum change and will be bringing in some formal instruction on how to script and code because we believe that’s necessary.
[JG] We’re also bringing in updated skills training to reflect the world our students will be entering when they graduate, particularly in terms of spoken languages, not just software systems.
Like Russian and Mandarin?
[JG] And Arabic.
One unit on your course is called Hackers to CEOs. Can you talk about that?
[JG] We reference some of our professional colleagues who, back in the day, when we were all teenagers, started out as hackers and are now CEOs of companies.
[JG] [Laughs] Nope. They might really hurt me if I do that. Instead, we talk about what people used to do which was for fun and for thrills and is now much more serious, economically driven. These are people not hacking in basements today, but inside top secret military operations doing work in national security or combating organized crime.
The world has moved on from [the movie] Hackers.
[JG] It certainly has. Although I tell students they need to watch that movie, and WarGames, to understand people like Kevin Mitnick who was in jail, and on the FBI’s Most Wanted list, but now runs his own cyber security firm.
Talk to us about your BitTorrent Forensics course unit.
[JG] I developed this and presented it first to the Los Angeles Electronic Crimes Task Force because, at the time, there was the big security breach of X-Men Origins: Wolverine, which came out on BitTorrent three weeks before general release. Since then, I’ve had law enforcement officials confirm to me that they’ve used what I developed to catch people with child pornography too, by going to original host level analysis to associate the downloaded content with the metadata files to establish origins. So it goes beyond Hollywood.
Good point. So, alongside Hollywood studios, the FBI, CrowdStrike, and Rapid7 are some of the employers who take your graduates. Do you also run professional training for employees inside these companies, as this field is expanding all the time?
[JG] We’ve started some initial talks with professional development programs here at USC, but we have done training with LAPD and Los Angeles County Sheriff’s Department for first responder scenarios.
So they don’t hit the crime scene and start touching the computer equipment before digital forensics gets there?
[JG] Exactly. We do training for the non-technical first responders who get to a scene before the geeks arrive. After our training, they now know not to touch the laptop; to ensure it’s still powered on, and so on.
Do you have many graduates going into US Army Cyber Command?
[JG] If we do, they wouldn’t be allowed to tell us.
How about the Port of Los Angeles Cyber Command?
[JG] I do know people who worked on setting that up, from my law enforcement connections, and we’re building liaisons with industry all the time. It’s a great setup down there.
Can you tell us what you did to receive the United States Secret Service Certificate of Appreciation?
[JG] I can’t be specific.
Clearly you do enough to have roused their appreciation. Final question: what have you seen in the past six months in terms of new developments in cybercrime that have led you to add in additional software programs and case studies?
[JG] Everything’s about crypto-mining these days. In 2013, it was all about point-of-sale malware; 2014 was all about ransomware. Now that’s been abandoned and people are getting infected with malware that utilizes all their resources for crypto-mining. It’s faster for criminals to monetize and we’re swiftly updating our curriculum to reflect this new reality to ensure our students are fully equipped to combat this threat in the outside world.