Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 20, 2010

Outline of the Unit
Objective of the Course
Outline of the Course
Course Work
Course Rules
Contact
- Text Book: Guide to Computer Forensics and Investigations
- Third Edition, 2008
- Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart
- Thomson Course Technology

Objective of the Course
The course describes concepts, developments, challenges, and directions in Digital Forensics.
Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008.
Topics include:
- Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

Outline of the Course
Introduction to Data and Applications Security and Digital Forensics
SECTION 1: Computer Forensics
Part I: Background on Information Security
Part II: Computer Forensics Overview
- Chapters 1, 2, 3, 4, 5
Part III: Computer Forensics Tools
- Chapters 6, 7, 8
Part IV: Computer Forensics Analysis
- Chapters 9, 10
Part V: Applications
- Chapters 11, 12, 13
Part VI: Expert Witness
- Chapters 14, 15, 16
SECTION II
- Selected Papers
- Digital Forensics Research Workshop
Guest Lectures
- Richardson Police Department
- North Texas FBI
- Digital Forensics Company in DFW area

Course Work
Two exams each worth 15 points
- Mid-term and Final exams (October 22, December 3)
Programming project worth 14 points (December 3)
Three homework assignments worth 8 points each (September 17, September 24, November 12; 9-1, 9-2, 10-3)
Term paper 10 points (December 3, 2010)
Digital Forensics Project 14 points (SAIAL Lab, November 19)
Total 92 points (i.e., if you get 92 points then you get 100% for the course)
Extra credit opportunities

Term Paper Outline
Abstract
Introduction
Analyze algorithms, Survey, - - -
Give your opinions
Summary/Conclusions

Programming/Digital Forensics Projects
EnCase evaluation
Develop a system/simulation related to digital forensics
- Intrusion detection
- Ontology management for digital forensics
- Representing digital evidence in XML
- Search for certain key words

Course Rules
Unless special permission is obtained from the instructor, each student will work individually
Copying material from other sources will not be permitted unless the source is properly referenced
Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Contact
For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center
  Erik Jonsson School of Engineering and Computer Science
  EC31, The University of Texas at Dallas
  Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- www.utdallas.edu/~bxt043000/

Assignments: Due September 17, 2010
Hands-on Project
Assignments #1 and #2
- Chapter 2: 2.1, 2.2, 2.3
- Chapter 4: 4.1, 4.2
- Chapter 5: 5.1
Assignment #3
- Chapter 9: 9-1, 9-2
- Chapter 10: 10-1

Papers to Read for Exam #1
1. Iowa State University Paper
- https://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf
2. Papers on Intelligent Digital Forensics
- http://dfrws.org/2006/proceedings/7-Alink.pdf
  XIRAF – XML-based indexing and querying for digital forensics
- http://dfrws.org/2006/proceedings/8-Turner.pdf
  Selective and intelligent imaging using digital evidence bags
- http://dfrws.org/2006/proceedings/9-Lee.pdf
  Detecting false captioning using common-sense reasoning
3. Database Tampering (check Dr. Snodgrass website for the pdf form of the papers)
- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
  Tamper Detection in Audit Logs
  Did the problem occur? (e.g. similar to intrusion detection)
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.
  Who caused the problem (e.g., similar to digital forensics analysis)
4. Detecting Malicious Executables – this will be useful for lecture 10, pdf from IEEE Xplore
- Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448
5. Steganography (High level Understanding of the following paper)
- http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm
6. Initial chapters of the Thesis from Ireland for Event Reconstruction
- http://www.gladyshev.info/publications/thesis/
  Formalizing Event Reconstruction in Digital Investigations. Pavel Gladyshev, Ph.D. dissertation, 2004, University College Dublin, Ireland

Papers to Read for Exam #2
Forensic feature extraction and cross-drive analysis
- http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
A correlation method for establishing provenance of timestamps in digital evidence
- http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

Papers to Review for Exam #2
FORZA – Digital forensics investigation framework that incorporate legal issues
- http://dfrws.org/2006/proceedings/4-Ieong.pdf
A cyber forensics ontology: Creating a new approach to studying cyber forensics
- http://dfrws.org/2006/proceedings/5-Brinson.pdf
Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
- http://dfrws.org/2006/proceedings/6-Harris.pdf
Paper on File Carving
Paper on Video Surveillance
Paper on Secure voting machine (for the extra credit question)
MS Thesis paper

Questions for Exam
6 questions on the 6 papers (please see previous three charts)
Digital Watermarking
Expert Witness
File Carving MS Thesis (first few Chapters)
Next Generation Digital Forensics / Suspicious event detection (video surveillance)
Extra