Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2007.

1 Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2007

2 Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact

3 Objective of the Course
- The course describes concepts, developments, challenges, and directions in Digital Forensics.
- Text Book: Computer Forensics: Computer Crime Scene Investigation, John Vacca, Charles River Media 2005.
- Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis, Military forensics, and Future Directions

4 Outline of the Course
- Introduction to Data and Applications Security and Digital Forensics
- Part I: Computer Forensics Overview
  - Unit #1: Fundamentals
  - Unit #2: Technologies
  - Unit #3: Systems
  - Unit #4: Vendors
- Part II: Computer Forensics Evidence and Capture
  - Unit #5: Data Recovery
  - Unit #6: Evidence Collection
  - Unit #7: Preserving Evidence
  - Unit #8: Computer Image Verification

5 Outline of the Course
- Part III: Computer Forensics Analysis
  - Unit #9: Discovery of Evidence
  - Unit #10: Identification of Data
  - Unit #11: Reconstructing past events
  - Unit #12: Networks
- Part IV: Information Warfare (OPTIONAL)
  - Unit #13: Defensive Strategies
  - Unit #14: Military tactics
  - Unit #15: Fighting Terrorism
  - Unit #16: Private Corporations
  - Unit #17: Future of Information Warfare
  - Unit #18: Surveillance
  - Unit #19: Civilian Casualties

6 Outline of the Course
- Part V: Advanced Computer Forensics (OPTIONAL)
  - Unit #20: Advances and Directions
  - Unit #21: Future Directions
- Papers from Conferences and Journals (e.g., Journal of Digital Evidence) to supplement the Textbook (several papers to be listed at the end)
- Each lecture will be posted on my web site before class

7 Course Work
- Two exams each worth 16 points
  - Mid-term and Final exams
- Programming project worth 16 points
  - Due date: the day of the final exam
- Four homework assignments worth 10 points each
  - Due dates will be announced
- Term paper (12 points)
- Total 100 points
- Optional term paper for extra credit: 8 points
- Details of the course work will be discussed during the lectures

8 Course Rules
- Unless special permission is obtained from the instructor, each student will work individually
- Copying material from other sources will not be permitted unless the source is properly referenced
- Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

9 Programming project
- Together with your program in a CD-ROM, please provide a design document.
- Design document should include:
  - The objective
  - The design
  - The implementation of the design
  - Challenges encountered
  - Sample runs (if applicable)
  - Directions

10 Assignments
- Assignment 1: Text book exercises at the end of chapters 1, 2, 3, 4
- Assignment 2: Text book exercises at the end of chapters 5, 6, 7, 8
- Assignment 3: Text book exercises at the end of chapters 9, 10, 11, 12
- Assignment 4: Framework unit; adapt the framework for a problem you choose.

11 Reading material for the Mid-term
- Chapters 1-12 of the book
- Papers discussed in class

12 Reading material for the Final exam
- Papers discussed in class; papers are in groups
  - Group 1: Snodgrass papers (database tampering)
  - Group 2: Intelligent digital analysis
  - Group 3: Frameworks
  - Group 4: Evidence Correlation
  - Group 5: Information hiding
  - Group 6: Network forensics (revisited)
- Optional reading: remainder of the text book for extra credit in exam

13 Group 1
- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.
- Additional paper for reading: Kyri Pavlou and Richard T. Snodgrass, "The Pre-images of Bitwise AND Functions in Forensic Analysis," TimeCenter TR 87, October, 2006. (OPTIONAL)
- http://www.cs.arizona.edu/~rts/publications.html

14 Group 2
- http://dfrws.org/2006/proceedings/7-Alink.pdf
- XIRAF – XML-based indexing and querying for digital forensics
- http://dfrws.org/2006/proceedings/8-Turner.pdf
- Selective and intelligent imaging using digital evidence bags
- http://dfrws.org/2006/proceedings/9-Lee.pdf
- Detecting false captioning using common-sense reasoning

15 Group 3
- FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf

16 Group 4
- Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
- md5bloom: Forensic file system hashing revisited (OPTIONAL)
  - http://dfrws.org/2006/proceedings/11-Roussev.pdf
- Identifying almost identical files using context triggered piecewise hashing (OPTIONAL)
  - http://dfrws.org/2006/proceedings/12-Kornblum.pdf
- A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

17 Group 5
- Data Hiding in Journaling File Systems
  - http://dfrws.org/2005/proceedings/eckstein_journal.pdf
- Evaluating Commercial Counter-Forensic Tools
  - http://dfrws.org/2005/proceedings/geiger_couterforensics.pdf
- Automatically Creating Realistic Targets for Digital Forensics Investigation (OPTIONAL)
  - http://dfrws.org/2005/proceedings/adelstein_falcon.pdf

18 Group 6
- File Hound: A Forensics Tool for First Responders
  - http://dfrws.org/2005/proceedings/gillam_filehound.pdf
- Monitoring Access to Shared Memory-Mapped File
  - http://dfrws.org/2005/proceedings/sarmoria_memorymap.pdf
- Network Forensics Analysis with Evidence Graphs (OPTIONAL)
  - http://dfrws.org/2005/proceedings/wang_evidencegraphs.pdf

19 Group 7
- How to Reuse Knowledge about Forensic Investigations, Danilo Bruschi, Mattia Monga, Università degli Studi di Milano
  - http://dfrws.org/2004/day3/D3-Martignoni_Knowledge_reuse.pdf
- John Lowry, BBN Systems: Adversary Modeling to Develop Forensic Observables
  - http://dfrws.org/2004/day2/Adversary_Modeling_to_Develop_Forensic_Observables.pdf
- Dr. Golden G. Richard III, University of New Orleans, New Orleans, LA: Breaking the Performance Wall: The Case for Distributed Digital Forensics
  - http://dfrws.org/2004/day2/Golden-Perfromance.pdf

20 Optional Papers
- Analyzing multiple logs for forensic evidence (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p82-arasteh.pdf
- Massive threading: Using GPUs to increase the performance of digital forensics tools (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p73-marziale.pdf
- Carving contiguous and fragmented files with fast object validation (OPTIONAL)
  - http://dfrws.org/2007/proceedings/p2-garfinkel.pdf

21 Contact
- For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and
  - Director of Cyber Security Research Center
    Erik Jonsson School of Engineering and Computer Science
    EC31, The University of Texas at Dallas
    Richardson, TX 75080
  - Phone: 972-883-4738
  - Fax: 972-883-2399
  - Email: bhavani.thuraisingham@utdallas.edu
  - http://www.utdallas.edu/~bxt043000/

