There is an increased societal need for highly skilled digital security and digital forensics professionals, and thus the courses needed to train them. On such courses, virtual laboratories are an effective tool to deliver authentic, industry-applied learning at scale. They provide challenging learning environments, and a supportive space in which it is “safe to fail” and learn from experience.

One key skill needed by such professionals is navigating and extracting information from file systems on disk images. Developing this skill requires access to a variety of disk images, but genuine images are protected by data-protection laws and are often impractical to use in teaching labs at scale. Tutors therefore need to develop synthetic, virtual images for their students, but creating these manually is complex and time-consuming.

This paper outlines the approach taken by a higher education institute in the UK to develop a tool to generate synthetic, virtual disk images for the digital investigation of file systems in a virtual laboratory environment. This paper first reviews existing methods and tools for creating virtual disk images through the lens of teaching and assessment. Several existing tools were identified, but all were found to be either unavailable, impractical to use due to out-of-date components, or unsuitable for an educational context. The development of our own software tool to generate disk images is then outlined.

The tool described creates disk images with multiple partitions of differing types and sizes with different file systems. These are populated with files and directories, which are then manipulated to mimic a real disk image. In addition, the system generates data related to each disk image to provide individualised student question sheets for their specific disk image. A solution sheet is also automatically generated to assist students with self-directed learning and facilitate efficient marking of summative assessments.

The tool enabled the adoption of a more authentic assessment style and supported individualised practical assessments. Reflections on the lessons learnt will be of interest to tutors considering the transition to authentic assessment using virtual laboratories, especially in the area of digital forensics. The paper concludes by outlining future plans to make the tool more user-friendly to facilitate wider dissemination and the addition of features to support more advanced use cases.

Keywords: Forensic computing, virtual labs, authentic assessment, assessment automation.