UW News

September 10, 2004

UW launches computer forensics studies to thwart cyber-threats

With hacking, spam and computer viruses disrupting more businesses and even threatening national security, three area colleges will launch a new program to train experts in countering such cyber-threats.

The colleges, using a combined $270,000 grant from the National Science Foundation, will offer six classes that include hands-on training in thwarting computer attacks—such as examining actual hard drives of computers that have been invaded.

Students in the program can earn a certificate in the fledgling field of computer forensics from Highline Community College, Seattle University and the University of Washington.

Critical infrastructures of the nation’s society and economy are increasingly dependent on the Internet, which is vulnerable to attack, says program co-founder Dave Dittrich, a researcher at the University of Washington’s Information School.

“Attacker tools have increased in power and sophistication,” Dittrich says, “and any network in the world could be taken off-line for days, maybe even weeks. Part of the problem is a lack of skilled computer-forensics experts who can quickly analyze disks and network traffic to identify threats and gather evidence.”

By collaborating, the institutions can quickly create the Computer Security/Forensics certificate program. The UW will develop the forensic software tools, and Highline and SU will test the tools and develop the corresponding curricula.

Three of the classes in the six-course program are already offered at the institutions as part of other programs: Highline has an introductory course in computer forensics (CIS 155: PC Analysis and Configuration) and Seattle University offers CSSE592: Computer Forensics as well as CSSE591: Information Assurance. The new classes will be created and offered by the three institutions jointly. Faculty will teach these classes at their respective institutions and, as needed, at the other two.

“What makes this project unique is when we are developing the classroom software tools we will be obtaining disk images from actual compromised drives for student use. That has not been done before,” says Amelia Phillips, a faculty member in Highline’s Computer Information Systems/Computer Science department and co-founder of the program. “Students need hands-on experience to learn digital forensics techniques. It’s not something you learn strictly from a book.” Highline is the lead institution in the grant.

Approximately 30 students are expected to enroll in the program at each institution during the funding period; enrollment is expected to quickly increase after the program is fully in place. Students can complete the program in one to 1.5 years depending upon whether they attend school full or part time.

“By combining skills found in each of our institutions, we can more readily meet demand for computer forensics training. There is no program like it in the country. Part of our grant commitment will be to share curriculum we develop with others,” says Seattle University’s Barbara Endicott-Popovsky, one of the principal investigators on the grant.

Once the curricula and tools have been developed and piloted for the program, they will be refined for broad dissemination to other schools and faculty.

The estimated awards are $117,416 for Highline, $70,870 for Seattle University and $81,458 for the University of Washington.


For more information, contact Phillips at (206) 878-3710, ext. 3497; Endicott-Popovsky at (206) 284-6123; or Dittrich at (206) 616-2841.