Monthly Archives: September 2017

International Cyber Conflicts @ Coursera

I just finished the course ‘International Cyber Conflicts’ at Coursera.  The course was developed and led by professors Sanjay Goel and Kevin Williams from the State University of New York at Albany.  This was a five week course that consisted of recorded presentations with inline questions; discussion forums; and end of week quizzes.

The presentations and readings for this course were good.  After several readings referred to Cybersecurity and Cyberwar by Singer and Friedman; I elected to buy the book.  I had been able to obtain the book through my local library on an inter library loan.  After the second reading I really enjoyed the book and purchased it via Amazon.

I would say the only downside to this course like others that I have viewed is that the discussion forums were not really that good.  The discussion forums themselves merged comments from previous offerings of the course (from about a year ago).  I can appreciate why the instructors did this ; in an attempt to seed the discussion forums and get more people contributing.  I didn’t think that worked.  and then as with many Coursera offerings some people just don’t understand or seek to contribute to the discussions. Tighter moderation might help there.

I enjoyed the course and would recommend it to anyone interested in cyber security.  The cost for the course was free unless you request a completion certificate.



USB Forensics

I recently came across two very good articles about USB forensics.

The Hitchhiker’s Guide to USB Forensics was published at the Cyberforensicator site by Oleg Skulkin and Igor Mikhaylov.  It is a very well thought out an written description of how to find out by operating system analysis what files have been copied to a USB device.  They used a Windows 10 virtual machine and the Oxygen Forensics AXIOM tool to conduct a basic analysis.  They are locating evidence about what files have been copied or moved.

I was looking for references to how to investigate just the USB drive itself.  I found the SANS Computer Forensic Guide to profiling USB Thumbdrives on Win7, Vista, and XP. This is a blog post by Rob Lee dated September of 2009.  This was more in line with what I was looking for given I that one found the USB device and wanted to start treating it as evidence. Rob had written about the differences between analyzing USB thumb drives and drive enclosures.  There was much good info in both posts.