Professor Iain Sutherland
My continuing research has influenced the course content and the unique nature of the Computer Forensics Research Laboratory within academia enhances the reputation of the degree, which is of strategic importance to the Faculty of Advanced Technology. I have been tasked with the redeveloping the content of both the undergraduate and postgraduate forensics and security degrees for the revalidation and delivery in 2011. My involvement in security and forensics consultancy ensures teaching and research activities remain relevant. This is one method of addressing the problem of the rapid rate of change in this subject area I have incorporated research tools from the forensics laboratory into practical sessions to demonstrate ‘state of the art’ technology; one session for final year undergraduate students has demonstrated disk recovery techniques and allowed students to dismantle and explore hard disk drive technology.
This practical session has been further developed to create a training course for the Home Office Scientific Development Branch (HOSDB). This course has been highly successful and we have repeated the HOSDB course in late 2010. Postgraduate students studying on the M.Sc. Computer Forensics participate in the development of forensic tools and resources.
- 1998-2000: Research Associate (The LITCHI project), UWC
- 2000-2000: Research Associate / Part Time Lecturer UWC
- 2000-2008: Senior Lecturer, University of Glamorgan
- 2008-Present: Reader in Computer Forensics, University of Glamorgan
2008 Member of the British Computer Society (MBCS)
Research Areas and Interests
My research lies in the area of Information Security and Computer Forensics. The latter in particular is still a relatively new and expanding field in which I have made a significant contribution. In addition to being actively involved in research in computer forensics, I am supervising a number of Ph.D. students in the area of forensics and security these include such topics as large scale forensic systems and Swap file analysis. I have a proven research record with over 40 refereed conference and journal papers. I have contributed to two main areas.
These are applied computer forensics and applied information security.
Applied Computer Forensics
Due to the applied nature of the subject area, my involvement in forensic consultancy has enabled the development of techniques for the commercial investigator and uncovered areas for further research. This has lead to the publication of a number of papers aimed at guiding the investigator searching for particular forms of evidence relating to computer crime.
An additional area of my work has been in the development of concepts for future tools and techniques for forensic analysis and in particular the use and design requirements of open source tools used to acquire live memory. This has contributed a series of criteria to determine the reliability and the possible impact of deploying these tools on the suspect’s system and the possible legal impact of live investigations. More recently I have started to examine alternative computing platforms as potential sources of evidence.
One example of this strand of my research work is the contribution to work on XML security and research into data disposal practices. A summary of the findings of this research and the potential impact on practices and procedures were disseminated directly to industry in the commercial NISC conference at St. Andrews in 2008 and to IT Wales in London in 2009. The research on data disposal has lead to further investigation into data recovery and the possible repair and misuse of hard disk drive firmware. This developing research area has provided scope for a number of pieces of work including conference papers and workshops.
Recent Publications (within the last five years)
- Jones, A., Dardick, G., Davies, G., Sutherland, I., Valli, C., (2009), The 2008 analysis of information remaining on disks offered for sale on the second hand market. Journal of International Commercial Law and Technology, 4(3), 162-175.
- Sutherland, I., Davies, G., Pringle, N., Blyth, A., (2009), The Impact of Hard Disk Firmware Steganography on Computer Forensics. Journal of Digital Forensics, Security and Law, 4(2), 73-82, United States.
- Valli, C., Sutherland, I., Davies, G., Pringle, N., Blyth, A., (2009), The Impact of Hard Disk Firmware Steganography on Computer Forensics. Journal of Digital Forensics, Security and Law, 4(2), 73-84, United States.
- Jones, A., Valli, C., Sutherland, I., (2008), Analysis of Information Remaining on Hand Held Devices for Sale on the Second Hand Market. Journal of Digital Forensics, Security and Law, 3(2), 55-70, United States.
- Jones, A., Valli, C., Dardick, G., Sutherland, I., (2008), The 2007 Analysis of Information Remaining on Disks offered for sale on the second hand market. Journal of Digital Forensics, Security and Law, 3(1), 5-24, Farmville, Virginia .
- Sutherland, I., Xynos, K., Jones, A., Blyth, A., (2012), Protective Emblems in Cyber Warfare. The Proceedings of the 13th Australian Information Warfare Conference, 10-16, Perth, Australia.
- Goodwin, M., Sutherland, I., Roarson, F., Drange, T., (2012), Assessing the accessibility of E-learning. Norsk konferanse for organisasjoners bruk av informasjonsteknologi: NOKOBIT 2012, 145-158, Norway.
- Sutherland, I., Jones, A., (2008), Industrial Espionage from Residual Data: Risks and Countermeasures. Proceedings of The 6th Australian Digital Forensics Conference, 165-170, Perth, Western Australia .