Published by Branden Butler. Modified over 8 years ago.
1
Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 20, 2007
2
Outline of the Unit
• Objective of the Course
• Outline of the Course
• Course Work
• Course Rules
• Contact
3
Objective of the Course
• The course describes concepts, developments, challenges, and directions in Digital Forensics.
• Textbook: Computer Forensics: Computer Crime Scene Investigation, John Vacca, Charles River Media 2005.
• Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis, Military forensics, and Future Directions
4
Outline of the Course
• Introduction to Data and Applications Security and Digital Forensics
• Part I: Computer Forensics Overview
  - Unit #1: Fundamentals
  - Unit #2: Technologies
  - Unit #3: Systems
  - Unit #4: Vendors
• Part II: Computer Forensics Evidence and Capture
  - Unit #5: Data Recovery
  - Unit #6: Evidence Collection
  - Unit #7: Preserving Evidence
  - Unit #8: Computer Image Verification
5
Outline of the Course
• Part III: Computer Forensics Analysis
  - Unit #9: Discovery of Evidence
  - Unit #10: Identification of Data
  - Unit #11: Reconstructing Past Events
  - Unit #12: Networks
• Part IV: Information Warfare (OPTIONAL)
  - Unit #13: Defensive Strategies
  - Unit #14: Military Tactics
  - Unit #15: Fighting Terrorism
  - Unit #16: Private Corporations
  - Unit #17: Future of Information Warfare
  - Unit #18: Surveillance
  - Unit #19: Civilian Casualties
6
Outline of the Course
• Part V: Advanced Computer Forensics (OPTIONAL)
  - Unit #20: Advances and Directions
  - Unit #21: Future Directions
• Papers from conferences and journals (e.g., Journal of Digital Evidence) to supplement the textbook (several papers to be listed at the end)
• Each lecture will be posted on my web site before class
7
Course Work
• Two exams, each worth 16 points
  - Mid-term and Final exams
• Programming project worth 16 points
  - Due date: the day of the final exam
• Four homework assignments worth 10 points each
  - Due dates will be announced
• Term paper (12 points)
• Total: 100 points
• Optional term paper for extra credit: 8 points
• Details of the course work will be discussed during the lectures
8
Course Rules
• Unless special permission is obtained from the instructor, each student will work individually
• Copying material from other sources will not be permitted unless the source is properly referenced
• Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department
9
Programming Project
• Together with your program on a CD-ROM, please provide a design document.
• The design document should include:
  - The objective
  - The design
  - The implementation of the design
  - Challenges encountered
  - Sample runs (if applicable)
  - Directions
10
Assignments
• Assignment 1: Textbook exercises at the end of chapters 1, 2, 3, 4
• Assignment 2: Textbook exercises at the end of chapters 5, 6, 7, 8
• Assignment 3: Textbook exercises at the end of chapters 9, 10, 11, 12
• Assignment 4: Framework unit; adapt the framework for a problem you choose.
11
Reading Material for the Mid-term
• Chapters 1-12 of the book
• Papers discussed in class
12
Reading Material for the Final Exam
• Papers discussed in class; papers are in groups
  - Group 1: Snodgrass papers (database tampering)
  - Group 2: Intelligent digital analysis
  - Group 3: Frameworks
  - Group 4: Evidence Correlation
  - Group 5: Information hiding
  - Group 6: Network forensics (revisited)
• Optional reading: remainder of the textbook for extra credit in the exam
13
Group 1
• Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
• Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June 2006.
• Additional paper for reading: Kyri Pavlou and Richard T. Snodgrass, "The Pre-images of Bitwise AND Functions in Forensic Analysis," TimeCenter TR 87, October 2006. (OPTIONAL)
• http://www.cs.arizona.edu/~rts/publications.html
14
Group 2
• http://dfrws.org/2006/proceedings/7-Alink.pdf
  - XIRAF – XML-based indexing and querying for digital forensics
• http://dfrws.org/2006/proceedings/8-Turner.pdf
  - Selective and intelligent imaging using digital evidence bags
• http://dfrws.org/2006/proceedings/9-Lee.pdf
  - Detecting false captioning using common-sense reasoning
15
Group 3
• FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
• A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
• Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf
16
Group 4
• Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
• md5bloom: Forensic file system hashing revisited (OPTIONAL)
  - http://dfrws.org/2006/proceedings/11-Roussev.pdf
• Identifying almost identical files using context triggered piecewise hashing (OPTIONAL)
  - http://dfrws.org/2006/proceedings/12-Kornblum.pdf
• A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf
17
Group 5
• Data Hiding in Journaling File Systems
  - http://dfrws.org/2005/proceedings/eckstein_journal.pdf
• Evaluating Commercial Counter-Forensic Tools
  - http://dfrws.org/2005/proceedings/geiger_couterforensics.pdf
• Automatically Creating Realistic Targets for Digital Forensics Investigation (OPTIONAL)
  - http://dfrws.org/2005/proceedings/adelstein_falcon.pdf
18
Group 6
• File Hound: A Forensics Tool for First Responders
  - http://dfrws.org/2005/proceedings/gillam_filehound.pdf
• Monitoring Access to Shared Memory-Mapped File
  - http://dfrws.org/2005/proceedings/sarmoria_memorymap.pdf
• Network Forensics Analysis with Evidence Graphs (OPTIONAL)
  - http://dfrws.org/2005/proceedings/wang_evidencegraphs.pdf
19
Group 7
• How to Reuse Knowledge about Forensic Investigations, Danilo Bruschi, Mattia Monga, Università degli Studi di Milano
  - http://dfrws.org/2004/day3/D3-Martignoni_Knowledge_reuse.pdf
• John Lowry, BBN Systems: Adversary Modeling to Develop Forensic Observables
  - http://dfrws.org/2004/day2/Adversary_Modeling_to_Develop_Forensic_Observables.pdf
• Dr. Golden G. Richard III, University of New Orleans, New Orleans, LA: Breaking the Performance Wall: The Case for Distributed Digital Forensics
  - http://dfrws.org/2004/day2/Golden-Perfromance.pdf
20
Optional Papers
• Analyzing multiple logs for forensic evidence (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p82-arasteh.pdf
• Massive threading: Using GPUs to increase the performance of digital forensics tools (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p73-marziale.pdf
• Carving contiguous and fragmented files with fast object validation (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p2-garfinkel.pdf
21
Contact
• For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and
  - Director of Cyber Security Research Center
    Erik Jonsson School of Engineering and Computer Science
    EC31, The University of Texas at Dallas
    Richardson, TX 75080
  - Phone: 972-883-4738
  - Fax: 972-883-2399
  - Email: bhavani.thuraisingham@utdallas.edu
  - http://www.utdallas.edu/~bxt043000/