As I sit here writing this, I am in the process of finalising my end of module assignment ready for submission to the Open Uni. I actually finished my EMA report this morning and was pretty pleased with the end result, but am now having to re-write parts of it due to yet another hiccup in the OU website. Despite expecting us to upload files to support our report (for example, our contemporaneous notes file generated by CaseNotes, HTML fragments acquired from the suspect laptop and so on), the submission website is refusing to accept anything that isn’t a Word file, even if it’s put into a zip file. Grr.
Now seems as good a time as any to reflect on my feelings towards the course. Overall, I have enjoyed it and definitely feel it was worth taking. I learnt much more about the legal side of things than the actual technical side of performing an analysis. Anyone thinking of taking the course: be aware that there is an awful lot of work on the legal side of things. It’s probably not too bad if you’re coming from a profession that deals with the law, but it’s quite heavy going for an IT sysadmin with no previous legal experience! I found the technical side of the course relatively straightforward, although I had already got a fair bit of experience using Linux with tools such as Autopsy for analysis. I was a little disappointed there weren’t more hands-on tasks. Aside from a couple of optional tasks to familiarise you with the tools, you don’t really do any “proper” forensic analysis until the very final stages of the course where you get taught the basics required to do an analysis for the EMA.
My biggest criticism of the course is mainly with the admin side. There were a few administrative errors such as the wrong material being sent out to incorrect mailing addresses, and it felt like an awful lot of the course material contained out-of-date links. Yes, I know that websites disappear over time, and one or two broken links wouldn’t be an issue, but it seemed there were a few sections that consisted mainly of a list of broken links. I know it’s a post-grad course, and you’re expected to do your own research, but it would be nice if the OU could update their material occasionally. It’d also be nice if they could double-check when they’re sending out virtual machines that they’re actually sending out the correct one. I find it generally makes it easier to find the evidence when you’re looking at the right VM!
I remember back when I started the course nine months or so ago, I skipped ahead to the first TMA and thought…holy crap, I barely understand what the questions are asking, how the frack am I gonna get through this?! Having made it through it with (I think) a respectable score, I am quite pleased with myself. Doing this course, however, has made me much more aware of how much time I am going to have to commit to studying if I decide to go ahead with an MSc in Computer Security next year. No more World of Warcraft for me!