Digital Forensics

Date post: 10-Feb-2016
Dr. Bhavani Thuraisingham
The University of Texas at Dallas

Introduction to the Course
August 31, 2012

Outline of the Unit

- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact
- Text Book: Guide to Computer Forensics and Investigations
  - Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart
  - Thompson Course Technology

Objective of the Course

The course describes concepts, developments, challenges, and directions in Digital Forensics.

Text Book: Computer Forensics and Investigations, Bill Nelson et al.

Topics include:

- Digital forensics fundamentals, systems and tools
- Digital forensics evidence and capture
- Digital forensics analysis

Outline of the Course

- Introduction to Data and Applications Security and Digital Forensics
- SECTION 1: Computer Forensics
- Part I: Background on Information Security
- Part II: Computer Forensics Overview
  - Chapters 1, 2, 3, 4, 5
- Part III: Computer Forensics Tools
  - Chapters 6, 7, 8
- Part IV: Computer Forensics Analysis
  - Chapters 9, 10
- Part V: Applications
  - Chapters 11, 12, 13

Outline of the Course

- Part VI: Expert Witness
  - Chapters 14, 15, 16
- SECTION II
  - Selected Papers - Digital Forensics Research Workshop
- Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area

Course Work

- Two exams: 20 points each
- Term paper: 12 points
- Programming project: 20 points
- Digital Forensics project: 16 points
- Four assignments each worth 8 points, total: 32 points

Tentative Schedule

- Assignment #1 due date: September 21, 2012 (September 28, 2012)
- Assignment #2 due date: September 28, 2012 (new date: October 12, 2012)
- Term paper #1: October 12, 2012 (October 26, 2012)
- Exam #1: October 19, 2012
- Assignment #3: October 26, 2012 (November 30, 2012)
- Assignment #4: November 2, 2012 (November 30, 2012)
- Digital Forensics Project: November 16, 2012 (November 30)
- Programming Project: November 30, 2012
- Exam #2: December 14, 2012

Term Paper Outline

- Abstract
- Introduction
- Analyze algorithms, Survey, - - -
- Give your opinions
- Summary/Conclusions

Programming/Digital Forensics Projects

- Encase evaluation
- Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words

Course Rules

Unless special permission is obtained from the instructor, each student will work individually

Copying material from other sources will not be permitted unless the source is properly referenced

Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Contact

For more information please contact

- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center
- Erik Jonsson School of Engineering and Computer Science
- EC31, The University of Texas at Dallas
- Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- http://www.utdallas.edu/~bxt043000/

Assignments for the Class: Hands-on projects from the text book

- Assignment #1
  - Chapter 2: 2.1, 2.2, 2.3
- Assignment #2
  - Chapter 4: 4.1, 4.2
  - Chapter 5: 5.1, 5.2
- Assignment #3
  - Chapter 9: 9-1, 9-2
  - Chapter 10: 10-1
- Assignment #4
  - Chapter 12: 12-1, 12-2, 12-3

Papers to Read for Exam #1

- http://www.sciencedirect.com/science/article/pii/S1742287604000271 (crime scene analysis)
- http://www.porcupine.org/forensics/forensic-discovery/chapter3.html (file system basics)
- http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/july2004/research/2004_03_research01.htm (Steganography overview)
- http://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf (network forensics, Iowa State U. paper)
- Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham, Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using Stream Mining and Graph Mining. SocialCom/PASSAT 2011: 1102-1110
- Learn the details of one forensics tool

Index to lectures for Exam #1

- Lecture #1: Digital Forensics (8/31/2012)
- Lecture #2: Cyber Security Modules (8/31/2012)
- Lecture #3: Data Mining background (no date)
- Lecture #4: Computer Forensics Data Recovery and Evidence Collection and Preservation (9/7/2012)
- Lecture 5: Data Mining for Malware Detection (Tapes: 9/14/2012)
- Lecture 6: File System Forensics (discussed 10/5/2012)
- Lecture 7: Encase Overview (discussed 9/28/2012)
- Lecture 8: Insider Threat – Ms Parveen Lecture (9/14/2012)
- Lecture 9: Data Acquisition, Processing Crime Scenes and Digital Forensics Analysis (9/21/2012)
- Lecture 10: Validation and Recovering Graphic Files and Steganography (9/28/2012)

Index to lectures for Exam #1

- Lecture 11: Expert Witness and Report Writing (10/12/2012)
- Lecture 12: Network and Applications Forensics (10/5/2012)

Index to lectures for Exam #2

- Lecture 13: Secure Sharing of Digital Evidence (1)
- Lecture 14: Richard Wartell Guest Lecture (10/26/2012)
- Lecture 15: Detecting False Captioning (Marie Yarbrough) (0.5)
- Lecture 16: Detection and Analysis of Database Tampering (1)
- Lecture 17: Virtualization Security (0.5)
- Lecture 18: Guest Lecture Mr. Satyen Abrol
- Lecture 19: Smartphone Malware detection (Dr. Zhou) (1)
- Lecture 20: Dr. Lin Lecture (1)
- Lecture 21: Selective and Intelligent Imaging, Nicholas Charlton (0.5)
- Lecture 22: XIRAF, Antonio Guzman (0.5)
- Lecture 23: Timestamps, Kirby Flake (0.5)

Index to lectures for Exam #2

- Lecture 24: Forza, Matt Lawrence (0.5)
- Lecture 25: Anti forensics, Charles Sammons (0.5)
- Lecture 26: Ontology for DF, Jason Mok (0.5)
- Lecture 27: Android Anti Forensics, Michael Johnston (0.5)
- Lecture 28: Forensics Investigation of peer to peer file sharing, Nate Bleaker (0.5)
- Lecture 29: Forensics Feature Extraction and cross drive analysis, David Pederson (0.5)
- Lecture 30: Advanced Evidence Collection and Analysis of Web Browser Activity, Jeff (0.5)
- Lecture 31: Secure Cloud Computing (0.5)

Papers to read Exam #2 (Lecture October 12, 2012)

Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004)

Abhijith Shastry, Murat Kantarcioglu, Yan Zhou, Bhavani M. Thuraisingham: Randomizing Smartphone Malware Profiles against Statistical Mining Techniques. DBSec 2012: 239-254

(this paper will be posted on e-learning. It is the lecture given by Dr. Yan Zhou)

Papers to Read for November 2, 2012

http://www.cs.arizona.edu/people/rts/publications.html#auditing

- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
  - Tamper Detection in Audit Logs: Did the problem occur? (e.g., similar to intrusion detection)
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.
  - Who caused the problem? (e.g., similar to digital forensics analysis)

Papers to Read for November 2, 2012

Papers on Intelligent Digital Forensics

- XIRAF – XML-based indexing and querying for digital forensics
  - http://dfrws.org/2006/proceedings/7-Alink.pdf
- Selective and intelligent imaging using digital evidence bags
  - http://dfrws.org/2006/proceedings/8-Turner.pdf
- Detecting false captioning using common-sense reasoning
  - http://dfrws.org/2006/proceedings/9-Lee.pdf

Papers to Read for November 9

- Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
- A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf
- FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf

Papers to Review for November 16

- "Advanced Evidence Collection and Analysis of Web Browser Activity", Junghoon Oh, Seungbong Lee and Sangjin Lee. http://www.dfrws.org/2011/proceedings/12-344.pdf
- Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields. http://www.dfrws.org/2010/proceedings/2010-311.pdf
- Android Anti-Forensics Through a Local Paradigm. Alessandro Distefano, Gianluigi Me and Francesco Pace. http://www.dfrws.org/2010/proceedings/2010-310.pdf

