Carnegie Mellon University

INI's Forensic Track

Bookmark and ShareTweet this storyShare this story on FacebookEmail this story with a friendSubscribe to Homepage Story RSS FeedArchivesSubmit a Story

Securing Knowledge

Jim Irving (INI'10)

Jim Irving (INI'10) won't be home watching CSI reruns this summer; he'll be working with the team that helped the U.S. Secret Service successfully investigate the largest case of identity theft in history.

Irving is earning his master's degree in Information Security Technology and Management from Carnegie Mellon's Information Networking Institute (INI). His special interest in security and forensic investigation led him to the INI, a full scholarship through the federal Scholarship for Service program and an internship with Carnegie Mellon's Software Engineering Institute's cutting-edge CERT department.

CERT — short for Computer Emergency Response Team — helped the Secret Service investigate an international crime involving the theft of 40 million credit and debit card numbers hacked from the networks of nine major retailers.

"There's nowhere else on earth you can get the level of education in security that you can here," Irving explained. "I'm getting to study something that I care about. This information's difficult to come by and having people of this caliber and courses that are designed this well is a big deal."

Since fall 2009, INI students like Irving have been able to enroll in a new Forensics Track option, spearheaded by Carnegie Mellon's Rich Nolan, INI adjunct faculty and CERT's Forensics Technical Manager/Law Enforcement Principal Engineer.

Students learn critical incident response skills from CERT members using forensically-sound, or court-admissible, methods.

"The Forensics Track is a direct outgrowth of the security work we do at CERT, such as large-scale intrusion investigations and network forensics for major criminal cases," Nolan said. "The real-world lessons we've learned have been translated into curriculum."

Nolan recognized the need while teaching at the INI.

"People currently in the field are very 'tool-centric' in their training," he stressed. "They know only the front-end, and when that application fails, they're stuck. Now the students at the INI will learn the science behind what these tools automate. Not only will they learn security, or how to build a better lock, but they'll know what to do when the lock is broken into."

Nolan feels the training is as valuable for future managers as it is for investigators.

"This program will make the students better network security managers and leaders," he explained. "We've been teaching them all about security, but the moral is no matter how you improve, the criminals evolve in their ability to circumvent. Forensics and an incident-response understanding build in the fact that you will be hacked. We talk about building in all the things that will tell you how they did it and who did it."

He believes these skills are valuable to both government and industry, adding, "There are more jobs out there than those graduating."

Related Links: On YouTube: INI Programs  |  INI  |  SEI  |  CERT