UCD Master’s Programme in Digital Investigation and Forensic Computing

Introduction

Friday August 12th marked the end of my 2-year part-time study at UCD’s M.Sc. in DIFC with me handing in the final paper for the Digital Investigation project. Since my previous employment was as a University College lecturer, I thought I would do a write-up on how I’ve experienced DIFC from my own perspective as an educator, student and professional in this field. Please note that the course content follows the part-time study model (2 years) and my opinions/thoughts might not be indicative of what full-time students experience.

Signing Up

Signing up for DIFC is a multi-stage process, consisting of submitting a request for enrollment accompanied by two qualified references. After being accepted, you need to complete an exam with a follow-up interview. The exam covers a wide variety of IT-related subjects (in my case: anything from programming algorithms to OS memory management to database engineering), and you only get an hour to complete it. Cheating is pointless/impossible: the exam is only handed out at the moment the hour starts, and is immediately followed by the interview. After I had completed the exam, the interviewers called me on Skype to go through the exam questions step-by-step, asking for the answers and my explanation/reasoning. I wouldn’t say the exam is difficult per sé, but it might be advisable to do a refresher course on some of the subjects.

If successful, you’re officially enrolled and you start to receive E-mails on signing up for classes, your UCD account, paying fees, etc. This is where DIFC could certainly improve: particularly for foreign/international students, who are not ‘on-campus’ or have been at UCD before, it can be a bit of mystery where all relevant information is accessible. Perhaps an early online classroom session where you are guided through setting up the most basic stuff would help?

Module & Course Formats

The actual courses are laid out in a quarter/semester form. The starter courses are more entry-level, designed to get everyone up to the same level of knowledge. Progressively, the courses get more difficult and continue to combine and build on the knowledge that was acquired earlier. Particular module/course highlights for me were the IT Law module by TJ McIntyre, the Information Security course parts by Michael Harris and the reverse engineering classes by Dr. Gladyshev:

  • I’ve always been interested in IT Law, and TJ is a particularly engaging lecturer, extremely knowledgeable and was always willing to extensively answer questions that came up. The IT Law module is tough (prepare to write a LOT of papers) but very rewarding and very informative!
  • Michael’s course stood out due to the pentesting theory classes and practical assignment – we were gradually taught about all the types of security issues that can present themselves in web development, and the accompanying assignment consisted of writing pentest report on a virtual environment that we were allowed to pentest in any way we wanted (within reason: don’t break stuff for your fellow students)
  • The reverse engineering was extremely difficult in some ways; despite having some pre-existing knowledge of assembly and seeing good examples during the lectures, it was just hard work implementing the knowledge in practice. The assignment consisted of being given an executable file, individually compiled and unique for each student, that was exhibiting ‘malware behaviour’. During the classes, we were instructed in the basic usage of IDA (Free version) and OLLYDBG to debug executables, but this was somewhat superficial and it took me quite some blood, sweat and tears to finish the actual assignment. On a funnier note, I did figure out how to leverage the information from the provided malware in other, destructive ways, leading me to sending a responsible disclosure to Dr. Gladyshev on a late Friday night 😉

The lessons themselves are simultaneously ‘live’ in the actual classrooms and in an online (AdobeConnect) environment. It makes the part-time and remote students feel ‘part of the classroom’ and connect with the full-time students, which is great! Generally this worked well, but the initial courses suffered a bit from poor video/audio setup. This was partially due to the quality of the technical equipment, partially due to poor internet connectivity. Regardless, this only happened a few times and the quality was generally quite good. Presentations were a combination of theoretical concepts, mixed with practical assignments and discussion, which made for an engaging classroom experience.

Exams & Assessments

On average, 2-4 exams are handed out per course, which are graded American-style: F, D, C, B, A with +’s and -‘s, D being a minimum ‘passing grade’. The exams wildly vary in type (which I consider a good thing!) and size: anything from a short paper to a full-blown pentest report. Although most of DIFC is possible through remote studying, some exams require you to be present – at least two visits to Dublin are required. Notable moments are the on-site exams around December and March, as well as the forensic interview/search & seizure/courtroom workshops. The dates for these required visits are communicated well in advance. Nevertheless, it is highly recommended to still book flights & accomodations as early as you can: Dublin is a popular city and prices can fluctuate strongly, particularly during conference season (as happened with my visit(s)). The last DIFC course module is the Digital Project, where you are required to come up with a practical research project in the field of Digital Forensics. The examinations for this are different; rather than individual assignments, you report on the different milestones of your project: doing a literature study, building a proof of concept, evaluating the results and writing an academic-quality paper.

Summary

The M.Sc. programme is well-worth the one (full-time) or two (part-time) year(s) of your life. Issues over the last two years were non-existent or minor, but they were at least readily explainable and understandable from a practical / logistics / educational point of view (at least in my opinion).  Where I think DIFC could be improved is the communications, course theory and assistance:

  • Getting up to speed as a ‘new’/’new-to-UCD’ student was slow and we had to figure out a lot of things for ourselves.
  • Course theory did not always match the same level of depth as the practical assignment that was connected to it. While not a necessity, it would be good if the assistance (e.g. through the Ph.D. students) for some of the subject matter (reverse engineering – see above) would be more accessible and easier to plan.
  • Scheduling appointments felt very ad-hoc and doing this over E-mail was inefficient, at best – perhaps some centralized method of scheduling could help?

The M.Sc. in Digital Investigation and Forensic Computing truly shines in its hands-on, practical approach and the engaging content and lessons.

Acknowledgements

I would like to thank everyone who’ve helped to make the years at UCD simply awesome:

  • UCD: Pavel, Babak, Mike, TJ, Andy, Mark, Owen, Lee
  • Fellow UCD students & friends: Michel, ‘The Three Dan-s’, Andrea, Bushra, Louw, Andy, Mitchell, Robert
  • Family & friends: Eva, Oscar, Jan, Carla, Hans, Elmer, Toni, my parents
  • Everyone at KPN and the HvA that made it possible for me do this study!

I hope I didn’t forget anyone in this list. If I did: sorry, tell me!

This entry was posted in DHCP. Bookmark the permalink.