The nutrition information tables on the back of most prepared foods can provide a variety of Maths/Numeracy lessons with a healthy eating message. Above is the scan of a nice chargrilled vegetable and pesto pizza. No crisps when your having this – the pizza supplies the just under half the guideline daily amount of salt in one portion! 26% of saturated fat was less than I was expecting, given the Parmesan cheese liberally covering the base.

My real shock was that a single full butter croissant contains 41% of your daily saturated fat intake, more than a serving of apple pie. Less of those croissants, as the Food Standards Agency is encouraging us to cut down on the saturated fat. I’ve always been fond of bagels, and they have much less fat.

The ‘traffic light’ labeling does help spot the higher quantities of salt and saturated fat – the red sodium line in the pizza above stands out OK.

• Download a PDF file with a range of 4 figure mathematical tables including Sine, Cosine, Tangent, Log, Ln and some statistical tables
• Download the spreadsheet used to generate the mathematical tables

I use these when we need to do the blood stain angle activity before students have had time to buy a scientific calculator. I find the process of finding the sine value in the table and reading off the angle helps build a ‘picture’ of the sine function as well.

Related links

• What real forensic scientists do with blood stains
• Inclined plane used for simple experiment
• Simulated blood stains
• Measuring blood stains with PhotoShop

Forensic pinboard is a new blog and the first post is about Blood Stain Analysis. The information could be useful to any B/TEC Forensic Science students who are basing Maths assignments on blood stain analysis.

Related links

• Inclined Plane
• Blood stain simulation
• Measuring blood stains with Photoshop

The BTEC Award in Applied Science (Forensic Science) Units have been re-written for first use next academic year. The Maths units look to be a significant improvement to me.

EdExcel are making the Units available as a (huge) 600 page download for Award, Certificate and Diploma and all the core and optional units for a range of qualifications.

I spend 10 minutes hacking out just the criteria for the Units available on the Award into a text file and then via Word into PowerPoint with one criterion per slide. We then printed 6 slides to a sheet, cut them up and pasted the criteria to a timeline showing a series of integrated vocational tasks. The year follows the logic of an investigation, and we can see where the criteria fit and which will need to be taught as discreet ‘subjects’.

Note. This material is copyright to EdExcel and possibly individual authors, and if any rights owner objects to my putting the criteria out like this, I will remove the criteria text.

Notation : The number in front of each statement below is the Unit number. The P, M, D letters indicate the grade level, and the trailing number is the BTEC reference number for the criterion.

• 1P1 outline the key features of the periodic table, atomic structure and chemical bonding and carry out simple titrations and calculate accurate results
• 1M1 draw conclusions based on the practicals carried out
• 1D1 explain the use of preparing standard solutions and titrations and describe how this may be carried out differently in industry
• 1P2 describe, using a light microscope and electron micrographs, the structures and functions of the components of prokaryotic and eukaryotic cells and provide illustrations of types of animal tissue
• 1M2 explain the importance of cell differentiation in the formation of tissues in eukaryotes
• 1D2 compare different tissues with similar functions in terms of their structure and functions
• 1P3 describe the different types of energy and their interconversions
• 1M3 practically demonstrate a range of energy interconversions with appropriate explanations of the systems investigated
• 1D3 evaluate the efficiencies of energy conversion systems
• 1P4 construct simple series and parallel electrical circuits and describe the properties of the main regions of the electromagnetic spectrum.
• 1M4 describe how series and parallel circuits operate referring to current and potential difference, and explain the applications of the main regions of the electromagnetic spectrum.
• 1D4 perform calculations on series and parallel circuits, and explain applications that use electrical circuits.
• 4P1 produce samples of at least two compounds and estimate their purity
• 4M1 measure the yield and purity in the preparations carried out and describe the factors that influence them
• 4D1 explain how the highest yield and best purity could be achieved in the preparations carried out
• 4P2 apply sampling techniques while working safely
• 4M2 describe the importance of sampling in a specific industrial context
• 4D2 explain potential sources of error in sampling and describe how to deal with errors
• 4P3 carry out analytical techniques and report the results accurately
• 4M3 explain the importance and legal responsibilities of working safely
• 4D3 explain the importance of working accurately and how accuracy can be ensured in the techniques used
• 4P4 select and use appropriate instruments to test substances or materials.
• 4M4 explain the choice of instruments in the practical exercises.
• 4D4 evaluate the variables in operation of instruments used and how they could be optimised.
• 5P1 describe the development of one scientific theory, highlighting the processes involved
• 5M1 differentiate between those questions that science is currently addressing, those that science cannot yet answer and those that science will never be able to answer, giving two examples of each
• 5D1 explain the necessity for peer-review and why sometimes there is resistance to new scientific theories
• 5P2 list public concerns about science highlighted in the media and describe two recent cases
• 5M2 explain whether concerns raised about science in the media are justified by analysing two recent cases
• 5D2 analyse whether the media makes a positive contribution to the public’s perception of science
• 5P3 list scientific or technological developments which have raised ethical or moral issues and describe the issues associated with two developments
• 5M3 explain the progress made by one contemporary scientific or technological advance and analyse the effect on society as it was developed
• 5D3 analyse the ethical and/or moral arguments associated with two scientific or technological developments and substantiate your own conclusion
• 5P4 describe five different groups and/or organisations that have a political agenda and their influence on science.
• 5M4 explain that financial support influences scientific research.
• 5D4 explain how science can be put to uses other than those originally intended and how this affects either society or society’s perception of science.
• 6P1 carry out mathematical procedures involving units, numbers, areas, volumes, indices, formulae and equations in a practical laboratory situation
• 6M1 explain how the use of some operations can give skewed information and how errors may occur
• 6D1 explain the use of negative indices in the stages of making serial dilutions
• 6P2 plot and interpret linear and non-linear graphs from primary and secondary experimental data
• 6M2 explain why different graphs are used to present scientific data and how errors may occur
• 6D2 evaluate the usefulness of graphs in displaying the results of scientific experiments
• 6P3 record and display scientific data appropriately, indicating any errors.
• 6M3 justify the levels of accuracy in the use of particular types of data collection methods in laboratory experiments.
• 6D3 evaluate the appropriateness of the methods used to record and display data.
• 7P1 demonstrate the ability to carry out mathematical procedures as a result of practical laboratory work
• 7M1 explain, using calculations as examples, how indices and logarithms can simplify mathematical procedures when dealing with very large or small numbers
• 7D1 evaluate, using given examples, the need to use various methods to determine the size and influence of errors on final calculations and conclusions
• 7P2 demonstrate the classification of data and the correct application of a student t-test to data from a laboratory experiment
• 7M2 explain, by giving at least two examples involving probability, mutually exclusive and independent events, the addition and multiplication rules and conditional probabilities
• 7D2 analyse and justify at least two statistical procedures you have used in biology, physics or chemistry experiments
• 7P3 demonstrate the ability to plot a linear and non-linear graph using scientific data and calculate the rate of change by the most appropriate method.
• 7M3 explain, using three or more examples, how 2D and 3D structures and their symmetry can be understood and represented diagrammatically.
• 7D3 evaluate using laboratory-based data the advantages of presenting such data in graphical, numerical or algebraic form.
• 8P1 use two different statistical techniques
• 8M1 explain and justify the selection of the two statistical techniques chosen
• 8D1 justify and explain the sampling process and deductions made in the statistical analysis
• 8P2 process data from a scientific problem using an equation and a graph to display the results and provide a valid conclusion
• 8M2 estimate the sources and sizes of the errors and accuracy of the solution
• 8D2 evaluate the techniques used and the conclusions reached to solve the scientific problem
• 8P3 use the chi-squared test to support a scientific hypothesis.
• 8M3 analyse the results of the chi-squared test to make valid conclusions to support the scientific hypothesis.
• 8D3 evaluate the use of the chi-squared test in making probability judgements.
• 10P1 outline the structures and processes used by the organisation to produce a product or perform a service, and identify any health and safety issues
• 10M1 analyse the processes used by the organisation to produce a product or perform a service
• 10D1 assess the influence of legislation on the processes used to produce a product or perform a service
• 10P2 describe the role and responsibilities of the scientist/technician in the organisation
• 10M2 outline typical career development and/or progression for a science technician in the organisation
• 10D2 analyse the different career paths through the organisation of personnel entering at different levels
• 10P3 plan and carry out a practical investigation in the laboratory to represent a larger scale industrial process that is carried out by the organisation
• 10M3 analyse the results of the investigation and explain their contribution to the organisation
• 10D3 explain how and why the industrial scale differs from the laboratory scale
• 10P4 describe the statutory and voluntary constraints that may apply to the organisation (and identify the consequences of non-compliance to both the employer and employee).
• 10M4 analyse systems used by the organisation to ensure adherence to the controls.
• 10D4 comment objectively on any issues of public concern that may arise from the work of the organisation.
• 20P1 describe atomic structure, radioactivity, and the production of X-rays and ultrasound
• 20M1 explain the random nature of decay and how it relates to half-life
• 20D1 analyse the effect of the operation and design of the tube/head on a typical Xray spectrum
• 20P2 describe the production and detection of radiopharmaceuticals and the operating principles of the gamma camera
• 20M2 compare the desirable biological properties and radiological properties of radionuclides used for imaging
• 20D2 evaluate the choice of radiopharmaceuticals for a range of clinical imaging requirements
• 20P3 outline the process of magnetic resonance imaging, and the instrumentation and equipment used
• 20M3 explain the factors influencing signal intensity in MRI
• 20D3 compare and evaluate the appearance of bone and soft tissue in an MRI scan and a conventional X-ray
• 20P4 explain the principles and effects of radiation therapy and the equipment used.
• 20M4 explain how excessive exposure to radiation can cause harm.
• 20D4 evaluate a range of therapy techniques, types of radiation available and the equipment used.
• 22P1 prepare and report on one organic and one inorganic substance
• 22M1 select appropriate apparatus and techniques to prepare inorganic and organic compounds
• 22D1 evaluate the impact of the sources of error, and propose modifications to the procedure designed to minimise their impact
• 22P2 isolate and report on one substance from a natural material and one from a synthetic material
• 22M2 explain the principles of each stage in the isolation of one substance
• 22D2 analyse the choice of techniques and apparatus used to carry out a separation
• 22P3 carry out and report volumetric analysis and instrumental analysis to identify cations, anions and simple organic functional groups
• 22M3 explain the chemical principles underpinning the analytical tests used
• 22D3 evaluate the effectiveness of instrumental methods of analysis compared with chemical tests to identify organic compounds
• 22P4 carry out calculations and report on percentage yield and percentage purity for P1, P2 and P3.
• 22M4 explain the application in industry of percentage yield and percentage purity.
• 22D4 explain the factors that affect yield and purity in the extraction carried out using appropriate scientific ideas, and suggest, with justification, how they could be maximised.
• 31P1 describe competing criminological explanations of criminal behaviour
• 31M1 explain how explanations of criminal behaviour come from different theoretical positions
• 31D1 explain how realist criminology achieved dominance and how this influenced explanation of criminal behaviour
• 31P2 describe the arguments about the nature and extent of crime
• 31M2 explain how different definitions of crime have influenced the nature and measurement of crime
• 31D2 give reasons why crime definitions and the extent of crime are contested
• 31P3 describe a range of policies intended to control crime
• 31M3 explain how different crime control policies are claimed to work
• 31D3 analyse the differences between individual and social crime control policies
• 31P4 describe the main changes in penal policy from 1850.
• 31M4 explain how changes in penal policy are influenced by criminological explanations of crime.
• 31D4 outline contemporary competing penal policies and evaluate the strengths of their theoretical explanations.
• 32P1 carry out a forensic examination of a simulated crime scene and gather biological, physical and chemical evidence using appropriate methods
• 32M1 describe fully the procedures used to gather evidence from a crime scene
• 32D1 justify the procedures used to gather evidence from a crime scene and show how a systematic application of procedures can minimise the risk of missing forensic evidence
• 32P2 outline the main techniques used for analysing biological, physical and chemical evidence
• 32M2 describe fully the main techniques used in the analysis of forensic evidence
• 32D2 evaluate the techniques used in the analysis of forensic evidence and identify the types of evidence or circumstances in which each might be appropriate
• 32P3 plan and carry out practical work to analyse biological, physical and chemical evidence that they have gathered
• 32M3 explain and justify the techniques they have used in the analysis of the forensic evidence they have gathered
• 32D3 draw valid conclusions based upon the evidence from their forensic examination of a crime scene and present the results appropriately
• 32P4 report the results and conclusions of a chemical, physical and biological forensic examination.
• 32M4 defend the conclusions drawn in the report.
• 32D4 evaluate how the information could be communicated more clearly, including aspects of probability.
• 33P1 select and use equipment and conditions to make a photographic record to the standard required for use as forensic evidence
• 33M1 select and explain the equipment and conditions to be used for three given different situations
• 33D1 compare and contrast various cameras on the market for forensic use
• 33P2 identify the theoretical principles behind the selection and use of photographic conditions for forensic purposes
• 33M2 explain the theoretical principles behind the selection and use of photographic conditions for forensic purposes
• 33D2 evaluate the choice of photographic conditions and techniques for a forensic investigation
• 33P3 identify the use of 35mm film and digital photography for use in the CJS
• 33M3 describe the reasons for preferential use of 35mm film or digital photography for use in the CJS
• 33D3 analyse the advantages and disadvantages of digital photography for use in the CJS
• 33P4 produce a forensic photographic portfolio of a crime scene to the standard required for use as forensic evidence.
• 33M4 explain the role played by forensic photographic evidence and its significance.
• 33D4 explain the content and implications of the images in their portfolio, justifying why they are included.
• 34P1 describe how three psychological perspectives have been used to explain criminal behaviour
• 34M1 compare and contrast psychological perspectives used to explain criminal behaviour
• 34D1 evaluate the usefulness of psychological perspectives in explaining criminal behaviour
• 34P2 plan and carry out a psychological study into a crime issue and produce a written report
• 34M2 explain how the results of the psychological study contribute to the understanding of a crime issue
• 34D2 evaluate the psychological study, comparing the results and conclusions with other reports
• 34P3 describe how psychology theories have been applied to different issues in the CJS
• 34M3 demonstrate the application of psychological theories to issues in the CJS
• 34D3 appraise the application of psychological theories to aspects of the CJS
• 34P4 describe the influence psychological research has had on aspects of the CJS.
• 34M4 explain in detail how psychological research has influenced aspects of the CJS.
• 34D4 evaluate the influence of psychological research on aspects of the CJS.

I decided to add in calculating the actual probabilities for the various possible numbers of vestigial winged flies, but we limited that to 12 flies. The students tried out the nCr button on their scientific calculators and we had a look at the factorial function and how it ‘blows up’ very quickly with increasing n.

The binomial probability formula is

where

• n is the number of trials (coin tosses or offspring)
• k is the number of ‘desired’ outcomes
• p is the probability of a ‘desired’ outcome on a single trial
• q is the probability of not getting the ‘desired’ outcome on a single trial

The structure of the formula can be chunked as follows

• p^kq^{(n – k)} is the probability of getting exactly k ‘desired outcomes’ – perhaps one route through a huge 12 deep tree diagram
• nCr is the number of different routes through the tree diagram that have this probability

n = 60 is out of the range that a calculator can handle, nCr becomes too large, but a spreadsheet can calculate the values using =combin(n,k).

Below are the results for tossing a coin and looking for heads (p = 0.5)

The green lines show the 2.5% ‘tails’, my argument being that any number of heads between 22 and 36 is consistent with the assumption that the coin is ‘fair’.

Below is a plot of the probabilities for flies with vestigial wings, with p = 0.25

Again, the green lines show the 2.5% tails, and any number of vestigial winged flies between 9 and 21 is consistent with p = 0.25, the Mendelian ratio. The shift in the peak results from the assymetry in the probabilities; for instance, 0.25¹⁵0.75⁴⁵ being much larger than 0.15⁴⁵0.75¹⁵.

The spreadsheet allows me to change the probability of the desired outcome to p = 0.333 to demonstrate the ‘range of rejection’ for the hypothesis that flies with vestigial wings will occur one third of the time. I understand this to be the hypothesis that some of Mendel’s rivals put forward, corresponding to the assumption that the aA and Aa genotypes were the same, and constituted one equally likely outcome. In the 1840s and 1850s, people would not have been talking about genotypes and phenotypes however.

The students may not have any reason to reject the null hypothesis of no difference between the expected values based on Mendelian inheritance (1:3 ratio) and the observed values. It might equally be the case that the observed values are consistent with the expected values based on a 2:1 ratio with only 60 flies! By pooling the available datasets, they may be able to discriminate between the two hypotheses.

Related links

• MS Excel spreadsheet showing binomial probabilities for 60 trials
• Download an openoffice spreadsheet (ODS) with 60 event binomial table
• Chi-square spreadsheet (MS Excel) simulates 60 flies offspring as random trial with Yates correction
• MS Excel spreadsheet without Yates’ correction
• Lisa C’s data from the F2 offspring
• Recipe for calculating the chi-squared statistic
• Some F2 generation fly breeding data from Liz G’s AS and BTEC groups
• Genetics lab manual (PDF) from the University of South Florida
• My teaching notes (PDF) for this topic, they need re-writing but the Unit has been changed so we probably won’t do the chi-square test in the future

Summary :: Pupose made inclined plane makes practical work less confusing for students, and looks the part. Students studying a Maths unit as part of the BTEC National Certificate and Award in Forensic Scence find the practical work and relatively ‘real’ context motivates the Maths. As we all know, if students can be cajoled to do Maths, it sticks and then generates intrinsic motivation.

There is a simple formula (A = arcsin(w/l)) used to calculate the angle of impact of a liquid drop on a surface. The assumption is that the drop is spherical and that the stain will be elliptical – just like projecting a parallel beam of light of circular cross-section onto the surface. You just can’t beat the conic sections!

This formula is found in forensic science textbooks (White, Jackson & Jackson) as a way of working out the angle at which a blood stain hits a wall. I base part of a forensic maths assignment on an experimental test of this formula. Students have to

• work in pairs or threes to devise an experiment to test the formula
• discuss how to allow comparison of results between the groups
• carry out the experiment and note any changes to the plan that become necessary
• process and present the results including a quantitative estimate of the error bound for each angle they test
• discuss the results and come to a conclusion about how far they trust the formula

Forensic experts will tell you that the main point of blood stain pattern analysis is to determine the position of impact within a few metres (ie was the victim lying down or standing up when hit with the blunt instrument) so 5 degrees either way will decide the case. I encourage students to follow through a simple error analysis. Errors of two or three degrees are typical within the range 20 to 80 degrees. Errors can become larger outside that range.

The independent variable is the true angle of impact of the liquid drop, the dependent variable is the angle of impact estimated from the ellipse. Factors involve the nature of the paper surface and the viscosity and ‘thickening’ of the liquid. Central to the experiment is some kind of inclined plane.

Until recently, I have been using a dissection board propped against the wall and held with a 5Kg weight as the inclined plane. Students measured the length of the dissection board and then measured the height of the upper end of the board against the wall, and then used trigonometry to work out the angle between the board and the bench, the complimentary angle being the true angle of impact. This is a fairly long chain of arithmetic, and the calculations are dangerously similar to the calculation of impact angle from the ellipse. Some students get confused with the error calculation with the measurements of the dissection board and others find the geometry difficult to untangle. The independent and dependent variables become muddied in a sea of calculations.

I’ve checked the education supply companies, but there was nothing that seemed suitable. A small forensic science company called Crime Scene Resources is making ‘angle boards’ designed specifically for this kind of measurement, and we bought two on sight. The first experiment with a small group of evening class students has gone well. This simple (but nicely engineered) device has clarified the practical and made it possible for me to give evening class students a useful educational experience.

I usually wait for the simulated blood (a mixture of treacle and milk, recipe from Paul Smithard) to dry, then put the paper samples into plastic A4 pockets, and then I scan them. We load the results into PhotoShop and measure the width and length of the stain. An alternative is to import the scan into Word and use the drawing tools to match an ellipse to the stain, then right click and read off the size. A small US company supplies the HemoSpat bloodstain pattern analysis software. Perhaps someone should suggest that the UK spelling of haemo should appear in the site text somewhere! The company supplies a demo version for Mac OS X and Windows 2000/XP.

Related posts

• Simulated blood stains
• Measuring bloodstains with Photoshop
• Simulated blood recipe
• Blood spatter pattern analysis

Links

• Crime Scene Resources
• Flash animation of the angle board in use
• HemoSpat bloodstain pattern analysis software
• Wikipedia article [check against textbooks]

The photo above shows one of today’s whiteboards as imaged using my Olympus Camedia point and shoot – the images are 1600 by 1200 pixels. I resized the image above using Photoshop Elements with bi-cubic resampling. No other adjustments have been made, the flat image is typical of this camera. A quick e-mail to ScanR.com produced a clear high contrast PDF file….

This image was cropped from the PDF file from ScanR.com using the Mac OS X Tiger Preview application and then exporting the cropped image as a TIFF file from Preview. I dragged the file into Photoshop Elements and resized to 400 pixels wide and then used the Save for Web option to produce the gif file. The PDF file weighs in at 250Kb versus 500+ Kb for the original jpg file from the camera, and I had no problem popping the pdf file direct from ScanR onto the course blog for the benefit of students not able to attend. I would not normally bother to produce the scaled down thumbnails – just pop the PDF on the system for the students.

I think that ScanR may be a useful service for capturing negotiated content like this (the map was built up from the suggestions of students – the list of headings for the structure of a major piece of writing was agreed after discussing the bubble chart) for future use and for popping into VLE and/or PowerPoints.

This is a note to myself and a backup on the Web more than anything – all typed on the Alphasmart while sitting on the train each day.

ICT v3

Revised assignment. Swap scen 3 and scen 2 and make the ACAS stuff less dry by use of case studies.

Assignment summary

Scenario 1: Define computer crime. Find three examples of recent, UK based, computer crimes of contrasting type and show how they fit your definition. List the laws broken in each of your examples and exlain the law briefly (not cut and paste). List the organisations involved in policing computer crime, and describe the processes that a person and a small business should use when reporting a computer crime.

Scenario 2: Research the phenomenon of hacking and computer addiction. Apply a taxonomy of hacker roles to a hacker of your choice. Comment on the usefulness of hacker taxonomies. Explain how the Internet works at a level appropriate to a small businessman. Name and explain the action of three different hacker tools of contrasting type and describe appropriate counter-measures

Scenario 3: Conduct a risk analysis for a small company based on a scenario you devise. Research the landmark cases that have shaped the UK law on privacy, communications monitoring and employment law regarding the Internet. Explain how the various laws involved interact and provide some best practice models for a small company. This work should be presented in the form of a PowerPoint presentation with speaker’s notes. You do not have to give the presentation.

Scenario 4: Carry out an investigation of a suspect device following an agreed protocol and provide a signed, printed witness statement recording your findings. Evaluate the main tools (e.g. EnCase) used by the forensic investigator and contrast these tools with the threat posed by hard drive cleaning software (EvidenceEliminator, Blanco) and the advent of encrypted hard drives with public keys coded in icroprocessors. Produce a risk analysis for a small company regarding evidence recovery by police due to employee activities.

Consultancy report

Your four completed scenarios should form the appendicies of a consultancy report aimed at a small company. The main body of your report should draw together the main messages under headings such as: The Problem; Future Developments; Where you want to be; How to get there.

The completed consultancy report, with appendicies and full referencing, will be e-mailed to the tutor as a single Word file of size less than 2Mb.

Session 1: The internet and society

Issue pack and assignment with calendar. Presentation on social impact of Internet. Activity: name 3 things that have changed because of the Internet; punchline: name one thing that has stayed the same!

Presentation: who runs the Inernet? ICANN, domain name system, w3, and so on. Look at Nominet.

Research: quiz on Internet history presented as a crossword puzzle.

Log in and check e-mail accounts. All send an e-mail to teacher.

Session 2: Web pages

Presentation: How the Web works.

Activity: make a simple Web page in Notepad that includes external links, three paragraph styles, some inline styles and an image linked from Web. Display in Web browser and check links. Change HTML code and notice how browser changes after refresh. Extension: use entity codes to disguise a message.

Plenary: look at the source code of some Web pages and pick out the main elements including recognising javascript code. Run thru’ the halifax.co.uk e-mail scam.

Log into Moodle and set up profiles. Access the HTML quiz and fill in evaluation.

Session 3: Crack the code

Present a simple coded message in ROT13 and work alone for 5 minutes. Then allow working in pairs for another 5 minutes. Then allow group and general sharing of information. Collate the cracked letters and see if we can get the formula. Invite class to factorise the number 127,967 into two prime numbers (check with Du Sautoy).

Debrief: When did you get the big picture? Answer: when we could work together. Timeline of hacking – in parallel with Internet and Web development. Hackers share information like currency.

Presentation: RSA cryptography. How to recognise a secure connection. Full public key encryption is expensive in processor time.Other methods available. Who monitors all work in number theory? The Grant prizes (check with Du Sautoy).

Log into Moodle and complete the code quiz and evaluation.

Session 4: The law and computers part 1

Presentation: How UK law works and why it is different to US law. Aspects of PACE and the Justice Act. CMA 1990. APIG updates to CMA. Sexual Offenses Act 2003, ‘grooming’ now a crime. DoS attacks anomaly.

Activity: The sad case of Nigel Smethwick. Discuss in groups. Post findings back into Moodle. Compare with others. Summarise and e-mail back to tutor before next lesson.

Homework: What is ELSPA and why is this organisation popular with trading standards officers?

Session 5: recent examples of computer crime

Presentation: ‘every crowd has a silver lining’.

Research activity: search the BBC News and The Register or other reliable sites for recent examples of computer crime. Each student to find 3 contrasting examples.

Classification/plenary: classify the crimes along two dimensions: old crimes in new ways vs new types of crime on one axis and relative severity on the other axis.

Homework: Log into Moodle and read ‘crime on the web’ by the geezer and answer questions before the next lesson.

Session 6: Issue scenario 1

Presentation: Structure the writing in the form of a short report. Use Mind Genius to plan the report in sections and agree headings for each section. Export to Word as an outline and upload as a file into Moode.

Individual: Draft and re-draft a definition of computer crime that is actually a definition. Each student to hand in a plan before the end of the lesson.

Record the definition as a response to a journal activity in Moodle.

Session 7: Hackers!

Presentation: the history of hacking, and the derivation of the term. Computer and networking culture as a new way of relating to machines. Notorious cases of hacking (Kevin Mitnick).

Activity: Work in pairs. Take the transcript of an interview and analyse the transcript using a taxonomy (Rogers, Fitch, another).

Plenary: Which taxonomy fits better, which seems to miss the point? Are modern commercial hackers less psychologically unusual than the older case histories?

Moodle: log in and add interview summary and analysis in terms of the taxonomy to the forum.

Session 8: How the internet works

Presentation: 4 layers, protocols, packets

Activity: The packet simulation with two messages flowing through nodes.

Plenary: Congestion, missed packets, logs holding distributed information.

Moodle: multiple choice quiz on how the internet works.

Session 9: History of the internet and the role of trust

Presentation: Universities in 1980s – not security aware. Spamming. USENET. Issues of freedom of speech from a US culturally specific viewpoint.

Activity: 1980s geek culture web tour and quiz. Look at Bruce Sterling’s hacker crackdown.

Discussion: How severe should punnishment of ‘exploratory’ hackers be?

Session 10: Hacker tools and methods

Presentation: anatomy of a typical incident. Main tools used (keyloggers, software disablers and so on, along with network tools including port scanners and packet sniffers).

Activity: Research the honeypot project. Find out about tripwires and the role of logging in server analysis.

Plenary: share information found in Moodle forum or wiki for this week.

Session 11: Psychology of computer and games addiction

Presentation: Not a crime in itself but spending a lot of time in front of the screen can lead to social isolation and criminality – any evidence?

Research: gaming addiction cases – any evidence of cross over into criminality? Online communities? Grooming?

Feedback: findings of research written as a ‘journal’ item in Moodle

Scenario 2: Launch

Presentation: Format of report planned in MindGenius and exported to Word. Uploaded by tutor into Moodle.

Individual: students download the template and start making notes under he headings. Tutor has individual tutorial (5 min) with each student to discuss progress and set a target.

Plenary: Agree date for e-mail of final report to tutor

Session 13: Risk analysis

Presentation: avoid drama and being the subject of headlines by managing the risks associated with online presence. Identify the main risks (people, network). Pay money to sort the network. People are harder. Pens and stationary: theft? Short phone call home: theft of service? Forwarding a naughty e-mail to colleagues: Publishing obscene material?

Activity: groups – case studies, different for each group.

Plenary: feedback on case study presentations

Moodle: upload brief notes – paragraph – in the forum.

Session 14: PowerPoint

Presentation: avoid death by powerpoint. The marketing guru’s approach (left brain auditory, speaking, right brain, visual, images). Using graphics and custom animation for maximum effect. Speaker’s notes. Export to Word as outline.

Activity: use a digital camera to make photos of hazards. Use as backdrop to slides.

Moodle: log-in and evaluate session in the journal

Session 15: ACAS guidance and risks

Presentation: employee risks and the ACAS guidance. Acceptable use policy. Need for agreement from employees for e-mail monitoring (RIPA) balance with assumption of personal confidentiality (human rights).

Activity: scenarios (one for each group) discussed in groups – draft advice to managers. Upload advice into Moodle.

Plenary: Law in the workplace gets complex! List the laws concerned and produce checklist for managers.

Session 16: Disaster strikes!

Presentation: disaster recovery strategies. Need to have a policy about backups. What is your backup strategy?

Activity: Disaster strikes – devise advice for a management on how to avoid loss of data. Research simple clear advice on the Web. Post results back to forum.

Plenary: review the checklists found and comment on the similarities. Can we boil this down to one side of A4 in bullet points? What would we put on a poster about backups for students?

Session 17: Who owns you e-mail?

Presentation: Your digital history is important and it may not be obvious who owns your e-mail. RIPA has led to clauses in contracts of employment. There have been some odd cases about e-mail recently. All ISPs are being asked to keep records on dial-in and sites visited and to keep e-mail for two years under new regulations (check this).

Activity: case studies in groups. Was the outcome reasonable and proportional to the damage caused?

Activity 2: One half: Draft some advice to employers about e-mail and surveillence. Other half: draft some advice to trade unionists about RIPA and the confidentiality regs.

Plenary: Employers vs Unions? Post the checklists into Moodle.

Session 18: Scenario 3

Presentation: summarize the content that should be in the PowerPoints, emphasise the need to expand on slides using the speaker’s notes.

Session 19: How a computer works

Presentation: block diagram of the main components of a computer. Zone in on the storage media as the main area of concern to forensic investigators. Vocabulary needs to be explained. Intel architechture now dominates the personal computer market (Windows, Linux and now Apple) – point out perils of monoculture. Role of BIOS and device drivers. Device drivers not glamorous and often written by contract programmers – poor code quality.

Activity: Each student gets a word. Research word/acronym and draft and re-draft a definition. Post to Moodle wiki for this session.

Plenary: Label the diagram – make the poster of the computer.

Session 20: The hard drive

Presentation: Modern hard drives are LARGE. The next version of windows (Vista) will support chip encrypted hard drives. How information is stored on a hard drive – use FAT but mention that NTFS is far more common. Explain slack space, swap file and point out that modern hard drives on office/admin machines almost never fill up.

Activity: make a poster about hard drives. Do the hard drive quiz.

Plenary: Research other storage devices (USB, cards, floppies, cameras, PDAs &c).

Session 21: Checksums and passwords

Presentation: Good passwords – have mix of capitals, lower and numbers. An 8 character password is one of 8^{62 random combinations, around 10}56 alternatives. If you only use 8 lowercase letters, then you have 8^{26 different possible patterns, around 10}23 different patterns – hugely quicker to crack. Mention dictionary cracking, and the need to avoid dictionary words.

Activity: work in pairs to devise an easy to remember but hard to crack password for Ettoire Scagalia, the absent minded accountant. Use Ettoire’s personal information as supplied. You may need to leave the country rapidly, as Ettoire’s friends and business assoicates in Palermo will know that you know the password….

Plenary: compare passwords. Use a security check web site to see how secure the passwords are.

Presentation: MD5 checksums – how to keep track of digital evidence. Checksum maths. Demo using a Web form based checksum generator – change one byte and the sum changes. Hash coding passwords – seeding the hash with e.g. membership number so the hash is harder to reverse engineer. Hash code dictionaries on the Web – again a case where enhanced storage causes problems.

Activity: research MD5 and SHA checksum algorithms.

Plenary: post findings to Moodle forum.

Session 22: How to secure computer based evidence

Presentation: ACPO guide to collection of electronic evidence. Need to train front line staff as decisions that are made at 3am in a badly lit house/office with shouting going on may adversely affect the value of evidence. Study carefully the pros and cons of pulling the mains lead out of computers (i.e. not ‘shutting down’). Link to previous knowledge of swap files and slack space and so forth. Link to PACE and later updates (see evening blog)

Activity: groups look at case studies (need 4 or 5) and decide what the officers should do.

Plenary: Pool advice on the different cases. What about storage? iPods? Cameras? Tell anecdote about the Maxwell case (the FSS officer who pieced together the cross-cut shredded documents…)

Moodle: log in and evaluate

Session 23: DOS

Presentation: the command prompt. Basic DOS commands. DIR command and switches. Redirection. Wildcards. File timestamps – the three types of timestamp.

Quiz: wildcard puzzle. Point out wildcards can be used in the Windows find as well.

Activity: Use the C++ IDE to shell out to a DOS session. Run the commands that list all the .jpg files on the computer to a text file called image.txt or similar. Load the file back into EDIT and compare the results. What directory has most of the images? Can you find images downloaded from the Internet?

Plenary: Present some screen shots showing the output of typical Unix command lines – demo grep, lsmod and pipe. Point out issues with the timestamp especially the ‘touched’ attribute.

Quiz: show screenshots of various timestamps. Students have to work out the squence of events (ie image copied ffrom camera to computer, modified, dumped onto USB storage).

Session 24: Suspect device

Work in pairs. Choose a device (USB storage, camera, pda, laptops). Work through the protocol for that device. One person makes notes and the other carrys out commands. Notemaker must be very clear what commands are being issued and note these in correct order and note results.

End up with file lists, timestamp information.

Plenary: piece together the story from the various audit trails on the devices. Clock that the times on the devices may not be accurate or syncrhonise. Work out adjustments.

End of session: Moodle for evaluation. Type up notes in a standard witness format. Print and sign.

Session 25: Encase and evidence eliminator

Presentation: Encase demo and what it can do. Link with MD5 checksums and swap files / slack space. Then mention evidence eliminator and how that may cause problems for EnCase. Look at scrubbing software (‘blanco’) used by companies and charities who recycle computers. widen net to include backups and so on.

Activity: discussion – should we allow people to purchase software like blanco or evidence eliminator? What if Maxwell’s sons had simply burned the evidence instead of using a shredder?

Research: Check data salvage companies for prices and types of data recovery sevice available.

Plenary: Moodle – post findings onto forum.

Session 26: Scenario 4

Presentation: write a plan for the explanation and evaluation of the techniques used by forensic investigators. Steer students towards EnCase/Evidence eliminator comparisons.

Activity: Check and sign witness statement (p6). Start work on the report for (m6).

Presentation: Risk analysis for the gaffer of a small company. Employee activity on company network results in company loosing computers/data as police take evidence.

Activity: research police attitudes to employee misuse of corporate network. Find examples.

Session 27: The Future

Presentation: show slides of previous attempts to predict the future (clive sinclair’s C5 &c). Ubiquitous Computing – mobile devices with more and more computing power and better network connectivity. Solid state data storage with seeded RSA encryption. Fridges on the Web (show the example of the Japanese Granny Kettle if it is still around).

Activity: Provide individuals with post-it notes. Ask to brainstorm likely future developments in next 7 to 10 years. Post on window and look for connections. Gather post-its for transcription.

Plenary: mention format of the consultancy report and remind that D4 needs evidence for some of the future developments!

Volunteers: transcribe the post-its onto Moodle wiki

Session 28: Demographics

Presentation: the fastest growing Web user base is in China and the most popular operating system for desktops is Red Flag Linux. Show screens in Big 5 Chinese. India and the Mumbai call centre culture, graduate quality staff for $200 a month. Digital Divide, how access to online services can distinguish people. $100 laptop from Negroponte’s project – current status and future impact given wireless local loop.

Activity: pick a trend and try to get some hard statistical evidence from web. Post quotable sources to Moodle.

Plenary: Remind that this section of D4 is only 800 words – draft and redraft. Check by e-mail if needed.

Session 29: Portfolio

Presentation: Check through skill requrements (p1, m1, d1, p3, m3, d3) and make screen grabs of e-mails. Arrange to send e-mails to class members if not covered.

Activity: personal tutorial on portfolio construction. Reminder of need for a coherent consultant report to introduce the appenicies (scen 1 &c).

Session 30: Hand in

Completed portfolios should be e-mailed to tutor as single Word files below 2 Mb in size before the start of this lesson. Those who fail to make the deadline loose re-grade opporitunity.

Agree timescale for return of assignment and regrading with students on an individual basis.

Unit evaluation form.

As one of the students said after the practical work “I’m really glad we are doing practical work in Maths – I could never see the point before”. The simulated blood stain experiment is used to test the theoretical relationship between the semi-major and semi-minor axes of an ellipse fitted to the blood stain and the angle of impact of the blood droplet with a surface. We use simulated blood consisting of a mixture of milk, treacle and a bit of food colouring to improve contrast.

The main part of the write-up is to analyse the quantitative errors on the various measurements of the width and length of the blood stain and the angle of the board that the paper surface was pinned to. The results for a range of angles are plotted as a scatter diagram and the results are quite close in the middle range (20 to 70 degrees) but the errors get serious at very high angles of impact (drop at near 90 degrees to paper – stains almost circular) and for very low angles of impact (drop at 10 degrees to paper – stains very streaky and running down surface). You very quickly realise that the errors in measurement are quite small for moderate angles – around 0.2 degrees if you measure the angle of the board using height and hypotenuse rather than fiddling with protractors.

Qualitative factors such as surface properties come to light. Students control for the height at which the blood drop was allowed to fall on the surface, and we use a range of surfaces (art paper, rough brown paper, I don’t use the paper towels any more as they absorb the mock-blood at different rates against or along the ‘grain’). The error from measurements used to find the W/L ratio for each ellipse is ‘amplified’ at large values of impact angle as a result of the steepening gradient of the sin^-1(W/L) graph in that region – see the graph below. This introduces the idea of ‘rate of change’ nicely.

I have had a lot of mileage from this simple experiment (usually takes about 90 minutes to agree method and take results. The mock bloodstains need a few days to dry out enough to measure. I put them in A4 polypockets after a week – they can be scanned through the polypockets).

• Measuring scans of stains using PhotoShop
• Recipe for the mock blood and method
• Useful resource for the blood stain analysis with step by step exercises

See a previous post on simulated blood stains for the context of this experiment. we are testing the validity of the formula θ = sin^-1(w/l) where l and w are the length and width of an ellipse fitted to a blood stain.

• Set Preferences -> Units & Rulers from the Photoshop preferences menu
• Open the info swatch by selecting Window -> info from the Photoshop Window menu
• The info swatch follow you mouse and shows the current screen coordinates relative to the top left of the image
• Dragging a line or Arrow Pointer (latter on Photoshop not Elements) will show the width and height of the distance moved from the starting point
• In effect, you get the X and Y coordinates of the two points on the width of the simulated blood stain
• Use Pythagoras to get width: width = √(W² + H²) where the W and H are read from the info swatch

Scanning direct from the simulated bood stains (paper in a plastic wallet to protect the scanner!) at 1200 dpi gives many hundred pixels on the width measurement, thus errors better than a vernier caliper.