Engaging All - The Cybercrime Investigator
School of Computing
Prof William Buchanan, Richard Macfarlane
Over the past three years a range of engaging material has been created to engage school kids in Computing: The Cybercrime Investigator. It uses a rich, engaging and ever-changing environment to stimulate the next generation of computing students. Overall it is an immersive environment based on who, why, when and where puzzles, which provides a unique crime scene for every user, and uses techniques such as deep zoom to integrate a wide range of academically challenging puzzles to solve. It integrates a wide range of digital forensics and security techniques, including finding hidden messages and cracking codes (including hashing and encrypted content). It focuses on a cybercrime investigation, using enhanced graphical techniques such as deep zoom technology, which the user uses to zoom into and out of graphics with hidden clues and covert messages. Each challenge is randomly generated, matched to the user's level, and is different for every user.
It thus covers some key principles within digital forensics and cybercrime, in order to solve a crime, including ASCII coding; Caesar Codes; Shifted Alphabet codes; Pigpen Coding; Differing Encoding Methods (Base64, Hex and Binary); Hidden Content within Files; Directory Searching Hash Codes; Dictionary Searching Ciphertext; and finding Covert Messages.
The objective given to the user is to solve a series of challenges in order to find: Who did it? Where was it? Why did they do it? When did they do it? and so on. Each time it is run the environment creates a new set of investigation parameters, and all of the challenges are based around these. For example, if the user were to run the environment, and the crime was done by Fred Smith, the shifted alphabet code might be: UGTS HBXIW (which is a 15 letter shift), and they must then use a shifted alphabet calculator to find the number of shifts required, and thus the message.
There is thus randomisation within the solving of a challenge, which cannot be solved easily by running the challenge over consecutive time intervals, or from the answers from other users.
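
The per-user generation described above can be sketched as follows. This is an added example, not code from the Cybercrime Investigator itself: the suspect and place lists are constructed sample data, and the function names and the seed-per-user scheme are assumptions made for illustration.

```python
import base64
import random
import string

ALPHABET = string.ascii_uppercase
SUSPECTS = ["FRED SMITH", "ALICE JONES", "BOB BROWN"]   # constructed sample data
PLACES = ["Edinburgh", "Glasgow", "Dundee"]              # constructed sample data


def shift_encode(text, shift):
    """Shift each A-Z letter forward by `shift`; leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def make_challenge(seed):
    """Build one user's investigation: random answers, randomly keyed clues."""
    rng = random.Random(seed)          # assumed: one seed per user and run
    who, where = rng.choice(SUSPECTS), rng.choice(PLACES)
    shift = rng.randint(1, 25)         # a shift of 0 would leave the name in clear
    return {
        "answers": {"who": who, "where": where, "shift": shift},
        "clues": {
            "who": shift_encode(who, shift),
            "where": base64.b64encode(where.encode("ascii")).decode("ascii"),
        },
    }


def solve_who(ciphertext, candidates=SUSPECTS):
    """Try all 25 shifts; return (shift, name) for the one that hits the list."""
    for shift in range(1, 26):
        plain = shift_encode(ciphertext, 26 - shift)   # decoding = shifting back
        if plain in candidates:
            return shift, plain
    return None


def solve_where(b64_text):
    """Decode a Base64 clue back to its plaintext."""
    return base64.b64decode(b64_text).decode("ascii")


if __name__ == "__main__":
    c = make_challenge(seed=2010)
    print(c["clues"], solve_who(c["clues"]["who"]), solve_where(c["clues"]["where"]))
```

Because the shift and the answers are drawn afresh for each seed, the clue text one user sees tells another user nothing; only the method (trying shifts, decoding Base64) carries over.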
The innovative nature of the project overcomes many of the issues identified:
• Engagement in the user environment. This uses an immersive environment, where the user can zoom-in and zoom-out of the material.
• Academic rigour in material. The environment will include a wide range of challenges which are underpinned by key academic principles.
• Variability in the challenges. The environment will be ever changing, and no two challenges will ever be the same.
• Matching the environment to the level of the student. The script for the environment will have levels of difficulty defined.
• Customization by the academic. The engine for the environment uses a script which is uploaded to the Web-site, and academics can thus customize it as required.
Overall it makes the learning of academic techniques enjoyable and ever changing. It can also be matched to the level of the user, where school kids can be given relatively easy challenges to complete, where high-level users have fairly challenging ones.
The main issues that this proposal addresses are: lack of engagement in the user environment; lack of academic rigour in material; lack of variability in on-line challenges; lack of matching the environment to the level of the student; and lack of customization by academics.
The environment uses current state-of-the-art graphical Web-based presentation methods such as Microsoft .NET Page Flicking and Deep Zoom technology to generate the material in which the student searches for clues. Most on-line learning material, which is aimed at being engaging, often does not have a strong academic infrastructure and focuses more on game playing than learning. The proposed system integrates a wide range of key principles involved in computer security, each of which is generated as a unique challenge so that no two students will get the same range of challenges.
For example, there is a technique which generates a digital signature of a message (known as Base-64 encoding). The user will then pick up an automatically generated page-flicking book which contains a graphic within the book representing a Base-64 code that they are looking for. Thus Edinburgh (for the place) would appear in the book as RWRpbmJ1cmdo. The students would then use an encoding calculator, in their toolkit, to determine the mapping between Base64 and the plaintext equivalent. The user will thus learn two key security principles: encoding and digital signatures.
Often the problem with many learning environments is that they are not integrated and have a poor user interface. For this the environment also uses Microsoft .NET Deep Zoom technology so that students can zoom-in and zoom-out of a document in order to find hidden covert messages. This uses the Deep Zoom Composer package to create different levels of abstraction of an image, where students can zoom-in to identify possible places for clues in order to learn key academic principles and to learn about possible risks involved with the Internet.
The main environment splits into three main presentation areas: investigation parameters (where the student enters the things they have found out about the investigation); the main investigation area (where users zoom-in to find their challenges); and a toolkit (which contains the main computing calculators and tools that they will use to solve the challenges). The developed system aims to produce a designer which can be used by academics to create their own environment and includes a script for the investigation, which defines various levels of difficulty. Trainers will thus be able to script their own environment and match the level of difficulty to the level of the user, and also whether users get some feedback about how to solve the puzzle. The definition of levels of the challenge will allow the environment to be used by a wide range of stakeholders, such as for a novice user and for advanced investigators, while also making it useable by the general public in order to understand the risks of the Internet.
The environment has been used for the past three years as part of the IT4U event (2008, 2009 and 2010), and has received a great deal of acclaim from teachers, especially as they continually bring their pupils back to the workshops, and praise the range of material. The Scottish Police and UK Cybercrime Units are showing interest in the system, especially in training Cybercrime Analysts around the threats caused by the Olympic Games. The project has also been submitted towards the Technology Demonstrator 3 Augmented Reality Trials, which is part of the Innovative Science and Technology in Counter Terrorism (INSTINCT) cross-government approach that seeks innovative solutions to support CONTEST, the UK’s Strategy for Countering International Terrorism.
The main community is computer science, computer security, digital forensics and cybercrime. The risks of computer crime, though, are relevant to everyone, especially as the Internet becomes integrated within everyone’s lives. There are few areas which are as exciting to prospective students and school children as the investigation of cybercrime, and the usage of digital forensics. It thus can provide an excellent example of engaging a wide range of stakeholders into understanding the risks involved with their interactions with the Internet.
Engaging All - The Cybercrime Investigator by Prof Bill Buchanan is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Sample: http://www.soc.napier.ac.uk/~bill/e_presentations/it4u/it4u.html
An older on-line version (used in 2009) is at: http://buchananweb.co.uk/it4u00.aspx, which shows some of the principles, but the new version has a completely integrated graphical interface and a much wider series of challenges.
25 June 2010