UK Government Issues Cyber Security Professionalism Consultation Document

Dateline – 19th July 2018

As part of its National Cyber Security Strategy published in 2016, the Department for Culture Media and Sport today published its Consultation Document on creating the environment to develop the cyber security profession in the UK. In recognising that the UK has some of the best Cyber Security Professionals in the world the UK Government also recognises that “the need to further develop the right skills, capabilities and professionalism to meet our national needs across the whole economy is increasingly important” and that the “consultation sets out bold and ambitious proposals to implement that. It includes a clear definition of objectives for the profession to achieve and proposes the creation of a new UK Cyber Security Council to coordinate delivery”. The consultation aims are to:

* Summarise the Government’s understanding of the challenges facing the development of the cyber security profession;
* Seek views on objectives for the profession to deliver by 2021 and beyond; and
* Seek views on the creation of a new UK Cyber Security Council to help deliver those objectives.

The consultation period ends on the 31st August 2018 and therefore only provides a short period for the responses to be submitted. Responses may be submitted via an Online Portal by both organisations and individuals.

The current UK cyber security organisations were quick to recognise, that if left alone to plan and decide the future for the profession the outcome may not be desirable to their various members, a single governing body would not be suitable for all the various professional roles that are related to the cyber security profession. A collaborative ‘Cyber Security Alliance’ was therefore formed that includes many of the leading organisations such as the BCS, IET, IAAC, ISSP, to name but a few, of what has become a growing alliance. The ‘Cyber Security Alliance’ issued its own press release regarding the consultation process and its support to the National Cyber Security Strategy.

The aim of creating a Cyber Security Council is a bold move founded on previous experience of such organisations as the ‘General Medical Council’, ‘The Science Council’ and the ‘Engineering Council’. Some of these organisations were created by statute, however this is not the plan for the Cyber Security Council. Yet in this single point is the greatest danger to the future of establishing such a council. The council has to be all things to all the current organisations and potential new alliance members, with no single organisation taking a lead role, for to do so would potentially collapse the Alliance and ultimately the very idea of a Council. For this to work the cyber security council will need to be established from the ground up, be non profit for the benefit of its member organisations and have a plan to become self sufficient in the near future.

This is important for the future of the cyber security profession here in the UK and urge all to respond to the consultation to ensure that the widest possible participation is achieved.



Digital Forensics Capability Analysis

The ICT KTN, on behalf of the Forensic Science Special Interest Group (FSSIG), is conducting a survey of the UK’s Digital Forensics Capability. This work is being managed by Angus Marshall, of n-gate ltd., to whom any initial queries should be directed. The project team also includes the CyberSecurity Centre at De Montfort University.

To download this survey please visit the following links:

Word format
PDF format


Traditional Digital Forensics activities involve the recovery and investigation of material found in digital devices. Such data is at rest on static devices such as hard drives and in solid-state memory on camcorders, mobile phones, GPS navigation devices etc. The market for this activity was driven by Law Enforcement and other public sector organisations, hence it was necessary for all activities to be conducted in line with UK evidential criteria so that it was admissible in a court of law.

Our digital age has seen requirements evolve. With the ubiquitous use of email came a requirement for a new field of expertise – that known as “e-discovery”. E-discovery refers to discovery in civil litigation, which deals with the exchange of information in electronic format (electronically stored information or ESI). This data is subject to local rules and processes and is often reviewed for privilege and relevance before being turned over to opposing counsel, where the burden of proof rests on the balance of probability.

However our digital evolution has not remained static. The growth of cyberspace, the trend towards mobile devices (BYOD) and cloud services has seen data take on a far more transitory nature, and the physical location of data at rest can be difficult if not impossible to determine. Data is versioned, distributed and stored across differing networks, devices, borders and boundaries.

The traditional digital forensics practice of imaging and extracting information from disparate physical devices no longer suffices for incident investigation in cyberspace. There is an increasing requirement from businesses in the private sector, and emerging capabilities are required to keep pace so that these requirements can be met.

The team will produce a report detailing the current stakeholders, existing capabilities and challenges. This will enable the identification of areas in which there are capability gaps. Attention will then be paid to how these gaps may be reduced and any specific challenges which will need to be overcome in order to do so. Further, a glossary of terms of key digital forensics concepts with simple definitions will be produced to assist with knowledge transfer both within and outside of the FoSci community.

Your involvement

You can assist with this first stage of the survey by completing the attached questionnaire and returning it to no later than Monday, 4th March please. All responses will be treated in strictest confidence and your answers will be anonymised before they are included in the report(s).

Digital Forensics Capability Analysis – Questionnaire

If you are willing to assist with this phase of the project, please complete and return to by Monday 4th March 2013

1) What do you understand by the term “Digital Forensics”. (one or two sentence answer)

2) In which context do you use digital forensics (e.g. law enforcement, civil law, criminal law, private sector, internal investigation, information security)

3) What types of technology do you deal with in the context of digital forensics ?

4a) What is the single greatest DF challenge you, personally,  face in your everyday activities ?

4b) How do you think this challenge could be addressed ?

4c) What is the single greatest DF challenge that your organisation faces in its everyday activities ?

4d) How do you think this challenge could be addressed ?

5a ) What challenges do you think you will face in the near (1-2 years) and medium-term (2-5 years) future ?

5b) How do you think these challenges could be addressed ?

6) When you are looking for solution to digital forensics problems, who do you turn to for

a) off-the shelf solutions ?

b) bespoke solutions/product customisation ?

7) Who would you consider to be the key people or organisations relevant to your experience and usage of digital forensics ?

8) What other innovations, relating to technology, services or any other issues affecting digital forensics, do you think would be beneficial ?

9) May we contact you again for more information ?

(If “Yes”, please also provide your name and a contact phone number or email)


SIG Forensic Science

Forensic Science Special Interest Group

For more information about the FSSIG, and to get involved in the community, please see




I’m about to enrol on a forensics degree at university, can you give me any hints/tips on how to be successful in forensic IT?

The above question was sent to Digital Forensics Magazine and we thought it warranted a thoughtful answer so we asked Dr. Richard Howley who is the MSc Forensic Computing and MSc Computer Security Course Leader De Montfort University his views.

The suggestions below focus on the early part of your career, i.e., your degree and entry into the profession. Others may contribute suggestions regarding being successful as you join the profession.

1.    Get your degree from an established, respected and well connected institution. Ask your university who they work with, what visiting lectures did they have last year, what national and international initiatives are they involved in? Research into who these people are, what their organisations do and what the initiatives are. Building up your knowledge of the UK and USA forensic IT landscape is important.

2.    Get qualified. The importance of training and qualifications in this business is well known and documented. Academic awards are highly prized as is evidenced by the popularity of MScs amongst members of the profession.

3.    Get connected. Register with as many forensic IT professional bodies, forums and blogs as you can manage and monitor their work.

4.    Ask your university to provide you with some suggested preparatory materials and or activities. At De Montfort University we hope that you are already hungry for knowledge and motivated enough to seek it out; we expect you to be pushing us to provide you with work you can be doing before joining us. A list of technical skills that new entrants to our courses can develop prior to starting is provided at:

5.    If your university doesn’t provide pre-course guidance then  consider the following:

  • There are many very good text books on this subject and many come with an extensive set of investigative exercises. They take you through the process of ‘static’ PC based forensics very well. All the software, cases and evidence files you need are usually included on a DVD –a great resource. For recommendations email me.
  • Seek to understand ‘live’ forensics including malware analysis, reversing, live network forensics, memory forensics and virtualisation. Many good online and text based resources exist to support your study of these topics.
  • Other emerging concerns that you should seek information about include small scale mobile devices, e-discovery and massive data sets, the ‘cloud’, etc.
  • Mobile phone forensics is very popular and worth looking into – partly because some of the major software companies provide free trial versions of their software with online tutorials.

6.    Linking academic and professional practise include issues such as continued professional development, research design and implementation and report writing.

  • Your degree is the first step in a process of life-long learning; forensic IT never stands still and as such the learning you undertake prior to starting and during your degree will provide you with independent study skills that will serve you well throughout your entire career.
  • Whilst your course and profession may appear predominantly technical never underestimate the importance of the social, ethical and legal context of your work. You will cover this at university and your knowledge and consideration of it should be updated and applied throughout your career.
  • When you start work in the field you will quickly discover that the text books don’t have all the answers. You will need to identify and research new solutions to novel situations. This will involve designing experiments and implementing them to explore and inform your evidential hypothesis – this classic academic/research process has huge relevance to your later professional practise, so don’t underestimate it and take every opportunity to practice and develop these skills whilst at university and after.
  • Writing essays or reports and giving presentations at university are not just academic exercises. It is direct training in skills that the forensic IT professional needs. You must be able to write concisely, persuasively, accurately, with precision and in an evidenced based manner. The same is true of public speaking and presentation, i.e., giving evidence. The more frightening you find the prospect of public speaking – the more you must do it! Start in a gentle way; asking questions in class or contributing to discussions is a first step in public speaking, so do try and take part. Take every opportunity to develop and practice these skills – we can all improve no matter how experienced we are.

7.    Finally, in the profession you will be expected to know multiple operating systems (Windows and Linux extensively), file systems, hardware, connection protocols, cables, devices, etc. So get an old machine or two, a screwdriver, a bunch of operating systems and play (carefully!) – and learn!

It’s a great profession – good luck on your degree course and in the profession that follows.

Dr. Richard Howley
MSc Forensic Computing and MSc Computer Security Course Leader
De Montfort University



The first annual (ISC)² Security Congress

(ISC)² Security Congress – Collocated with the ASIS International 57th Annual Seminar and Exhibits – September 19th – 22nd, Orlando, Florida

The first annual (ISC)² Security Congress offers invaluable education to all levels of information security professionals, not just (ISC)² members. This event will provide information security professionals with the tools to strengthen their security without restricting their business. (ISC)² and ASIS International have teamed up to bring you the largest security conference in the world, with five days of education and networking opportunities. Don’t miss out. Register today! To make your selection from over 200 conference sessions, free education and special pricing on official CISSP and CSSLP Intensive education. For more information, please visit:



Issue 5 is Here

Hi folks,

Issue 5 of Digital Forensics Magazine is here. This time we’ve put together some great content on topics as far reaching as criminal profiling and volatile memory heap analysis; as well as the usual Legal section, From the Lab, and Angus Marshall’s IRQ column. We also welcome the world-famous, forensics commander-in-chief, a.k.a. Rob Lee, as one of our regulars who will be taking forward his own column in each and every issue from now on (now that’s value for money!). Also, we’ve introduced another new column to our format, this time concentrating on Mac Forensics (entitled Apple Autopsy) and at the helm of that section we welcome Sean Morrissey of Katana Forensic (and the brains behind the Lantern iOS forensics product and the forthcoming book from Apress on iOS forensics).

This is also the first of a series of special issues we’re putting together that focus on very specific themes of forensics. This idea came from a variety of 360 feedback letters and we believe it is a fantastic way of ensuring you get the biggest bang for you buck from your subscription. Issue 5 focuses on all aspects of Training & Education, opening the Pandora’s box of all the difficult issues of professionalism that you face every day.

Finally, we hope that you enjoy this issue of Digital Forensics Magazine, and please spread the word as we’ve really enjoyed our first year and want to make sure we continue publishing long into the future. We welcome all comments to our 360 department and will attempt to answer all your letters as quickly as possible.

Bye for now!




Digital Forensics Magazine Survey

As part of the Training & Education theme for Issue 5 Digital Forensics Magazine is carrying out a global survey. The survey asks digital forensic practitioners around the world to complete the survey with a view to ascertain the level of qualifications held.

The survey investigates the thoughts of practitioners on what they believe are the core competencies required of a digital forensics practitioner. They are also asking what knowledge would be required if there were practitioners graded at basic, intermediate and advanced levels.

Tony Campbell, one of the DFM publishing team said, “By asking the practitioners opinions with regard to international standards on training we hope to inform the debate going on in a number of forums on this topic.

The survey will be open over the next 3 months and we are encouraging all parties with a vested interest in the subject to take the survey to help us all understand the current status of training and education in Digital Forensics and shape the future. This is your profession, help us inform and guide those that are setting standards and making decisions about our profession. “

Readers are urged to take the 3 minute survey today at to make sure their thoughts and opinions are captured.

A summary of the results will be released in forthcoming monthly newsletters available to Digital Forensics Magazine newsletter subscribers, and the main findings will form the basis of an article in the main magazine published later this year.