Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 20, 2007

Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact

Objective of the Course
The course describes concepts, developments, challenges, and directions in Digital Forensics.
Text Book: Computer Forensics: Computer Crime Scene Investigation, John Vacca, Charles River Media 2005.
Topics include:
- Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis, Military forensics, and Future Directions

Outline of the Course
Introduction to Data and Applications Security and Digital Forensics
Part I: Computer Forensics Overview
- Unit #1: Fundamentals
- Unit #2: Technologies
- Unit #3: Systems
- Unit #4: Vendors
Part II: Computer Forensics Evidence and Capture
- Unit #5: Data Recovery
- Unit #6: Evidence Collection
- Unit #7: Preserving Evidence
- Unit #8: Computer Image Verification
Part III: Computer Forensics Analysis
- Unit #9: Discovery of Evidence
- Unit #10: Identification of Data
- Unit #11: Reconstructing past events
- Unit #12: Networks
Part IV: Information Warfare (OPTIONAL)
- Unit #13: Defensive Strategies
- Unit #14: Military tactics
- Unit #15: Fighting Terrorism
- Unit #16: Private Corporations
- Unit #17: Future of Information Warfare
- Unit #18: Surveillance
- Unit #19: Civilian Casualties
Part V: Advanced Computer Forensics (OPTIONAL)
- Unit #20: Advances and Directions
- Unit #21: Future Directions
Papers from Conferences and Journals (e.g., Journal of Digital Evidence) to supplement the Textbook (several papers to be listed at the end)
Each lecture will be posted on my web site before class

Course Work
Two exams each worth 16 points
- Mid-term and Final exams
Programming project worth 16 points
- Due date: the day of the final exam
Four homework assignments worth 10 points each
- Due dates will be announced
Term paper (12 points)
Total 100 points
Optional term paper for extra credit: 8 points
Details of the course work will be discussed during the lectures

Course Rules
Unless special permission is obtained from the instructor, each student will work individually
Copying material from other sources will not be permitted unless the source is properly referenced
Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Programming project
Together with your program on a CD-ROM, please provide a design document.
Design document should include:
- The objective
- The design
- The implementation of the design
- Challenges encountered
- Sample runs (if applicable)
- Directions

Assignments
Assignment 1: Text book exercises at the end of chapters 1, 2, 3, 4
Assignment 2: Text book exercises at the end of chapters 5, 6, 7, 8
Assignment 3: Text book exercises at the end of chapters 9, 10, 11, 12
Assignment 4: Framework unit; adapt the framework for a problem you choose.

Reading material for the Mid-term
Chapters 1-12 of the book
Papers discussed in class

Reading material for the Final exam
Papers discussed in class; papers are in groups
- Group 1: Snodgrass papers (database tampering)
- Group 2: Intelligent digital analysis
- Group 3: Frameworks
- Group 4: Evidence Correlation
- Group 5: Information hiding
- Group 6: Network forensics (revisited)
Optional reading: remainder of the text book for extra credit in exam

Group 1
Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June 2006.
Additional paper for reading: Kyri Pavlou and Richard T. Snodgrass, "The Pre-images of Bitwise AND Functions in Forensic Analysis," TimeCenter TR 87, October 2006. (OPTIONAL)
http://www.cs.arizona.edu/~rts/publications.html

Group 2
XIRAF – XML-based indexing and querying for digital forensics
- http://dfrws.org/2006/proceedings/7-Alink.pdf
Selective and intelligent imaging using digital evidence bags
- http://dfrws.org/2006/proceedings/8-Turner.pdf
Detecting false captioning using common-sense reasoning
- http://dfrws.org/2006/proceedings/9-Lee.pdf

Group 3
FORZA – Digital forensics investigation framework that incorporate legal issues
- http://dfrws.org/2006/proceedings/4-Ieong.pdf
A cyber forensics ontology: Creating a new approach to studying cyber forensics
- http://dfrws.org/2006/proceedings/5-Brinson.pdf
Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
- http://dfrws.org/2006/proceedings/6-Harris.pdf

Group 4
Forensic feature extraction and cross-drive analysis
- http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
md5bloom: Forensic file system hashing revisited (OPTIONAL)
- http://dfrws.org/2006/proceedings/11-Roussev.pdf
Identifying almost identical files using context triggered piecewise hashing (OPTIONAL)
- http://dfrws.org/2006/proceedings/12-Kornblum.pdf
A correlation method for establishing provenance of timestamps in digital evidence
- http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

Group 5
Data Hiding in Journaling File Systems
- http://dfrws.org/2005/proceedings/eckstein_journal.pdf
Evaluating Commercial Counter-Forensic Tools
- http://dfrws.org/2005/proceedings/geiger_couterforensics.pdf
Automatically Creating Realistic Targets for Digital Forensics Investigation (OPTIONAL)
- http://dfrws.org/2005/proceedings/adelstein_falcon.pdf

Group 6
File Hound: A Forensics Tool for First Responders
- http://dfrws.org/2005/proceedings/gillam_filehound.pdf
Monitoring Access to Shared Memory-Mapped File
- http://dfrws.org/2005/proceedings/sarmoria_memorymap.pdf
Network Forensics Analysis with Evidence Graphs (OPTIONAL)
- http://dfrws.org/2005/proceedings/wang_evidencegraphs.pdf

Group 7
How to Reuse Knowledge about Forensic Investigations
Danilo