112 Forensic Computer Crime Investigation
Adults learn best by facing challenges and by solving problems in a hands-on training environment that closely simulates their real-world job skills. This simple fact is lost on many training organizations that attempt to teach technical subjects through lecture and theory without the benefit of practical hands-on exercises.
The development of a hands-on training environment requires capital expense on the part of the training organization in the form of computers, networks, hardware, software, maintenance, and upgrades over time. Although expensive initially, the benefits of such a capital outlay far outweigh the initial and ongoing costs.
When considering a hands-on training environment, the training organization should closely evaluate the type and level of training being considered. Advanced forensic training courses or courses involving highly technical subject matter, such as intrusion investigation, require sophisticated networked computer systems and security appliances that can be accessed by students and are not a part of the production information infrastructure of the training organization itself. This setup protects the production environment from damage while still affording students access to the inner workings of an enterprise system.
Equipment can be purchased, leased, or donated. Regardless of the acquisition method, it will require ongoing maintenance for both the hardware and software components. If a piece of equipment or a software program is a critical part of a particular course, then that course budget must provide for its ongoing maintenance and upgrades over the life cycle of the equipment and for the life cycle of the course, respectively.
It is all too easy to become hardware rich in a training environment by purchasing hardware so specialized that it cannot be used across multiple programs. Although there are times when limited-use equipment is critical to the development of a core skill set for a trainee, training organizations must look for flexibility in the equipment they purchase. The nature of the training the organization conducts will dictate the type of equipment they purchase. A fixed training center has the advantage of being able to use large systems with a lot of capability in the form of multiple drives, complex networks, and multiple security appliances in fixed racks. If the training center is to be portable, then weight, size, and connectivity become more of an issue. Consider the intended venue prior to the purchase of a computer training center and select equipment that is best suited for deployment in that venue.
The development of a mobile training center adds several dimensions to the equipment specification process. The use of laptop computers can limit the degree to which forensic training can be delivered at remote sites but may be fine for investigative training courses. The use of Shuttle-type systems may be better suited to mobile forensic training. These units are, however, bulkier and require a larger shipping system. The additional bulk and shipping add expense to the course that must be weighed against the enhanced hands-on capability.
Computer Forensics & Investigation: The Training Organization 113
Computers draw power from a wall circuit, and a computer laboratory draws a lot of power from a circuit. The power requirements of a 40-computer mobile training center must be closely estimated and a suitable site found that supports the space and power needs of such a center. When the presentation equipment, such as projectors, and the network equipment are added to the mix, the mobile lab may overwhelm the power available at the host site. These issues must be addressed ahead of time when choosing the remote site.
The training organization has a sizable investment in any mobile training center. Hotels and other venues may not have absolute control over staff access to large conference rooms and classrooms. Advance arrangements must be made to address the security of the mobile equipment when it is on-site after hours. Rooms that have limited access and can be locked securely at night should be used during mobile training classes. It may also be advisable to hire overnight security for the equipment to prevent theft or damage.
Network connectivity is another concern when deploying mobile computer training facilities. Training organizations that utilize remote sites must carefully coordinate with the Internet service provider at the site to ensure appropriate connectivity and sufficient bandwidth for the mobile training operation. For most law enforcement investigative training classes, the issue of filters and restricted Internet access should also be addressed. Many Internet service providers servicing hotels and remote training sites use filters or firewalls that prevent access to objectionable areas of the Internet. It may be important as part of the training curriculum to have students access areas of the Internet where they will be doing their investigations. If so, the filters and firewall rules must be altered to allow such access. If done properly, mobile training centers can provide a platform for outreach to students who may not otherwise have the opportunity to receive hands-on computer investigative or forensic training.
The acquisition and configuration of equipment is secondary to the practical application of that equipment in the training environment. Having the proper equipment in place only provides the instructor with a platform for learning. The ways in which that platform is utilized in the learning process make the difference between an effective training program and a static computer show.
Whenever skills are being taught to trainees, those skills should be reinforced with hands-on practical exercises designed to illustrate the practical application of the skill. A great deal of thought must go into the design and conduct of practical exercises to ensure that they are relevant and reflect problems being faced in the real job environment. Additionally, a series of integrated practical exercises should be used to help build and reinforce a set of skills that can later be deployed in the field.
It is never a good practice to use unreasonable or unsolvable practical exercises. This is particularly true when the exercise does not reflect scenarios likely to be encountered in the field. The practical exercise is a tool to help the trainee or student enhance their skill set and can be used very effectively when it is integrated into a building-block approach to attain the desired skill level. The “gotcha” or “ambush” practical exercise is rarely, if ever, useful unless the goal is to make the trainee or student shy away from a particular activity.