Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 31, 2012.

Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact
  - Text Book: Guide to Computer Forensics and Investigations
  - Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart
  - Thompson Course Technology

Objective of the Course
- The course describes concepts, developments, challenges, and directions in Digital Forensics.
- Text Book: Computer Forensics and Investigations. Bill Nelson et al.
- Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

Outline of the Course
- Introduction to Data and Applications Security and Digital Forensics
- SECTION 1: Computer Forensics
- Part I: Background on Information Security
- Part II: Computer Forensics Overview
  - Chapters 1, 2, 3, 4, 5
- Part III: Computer Forensics Tools
  - Chapters 6, 7, 8
- Part IV: Computer Forensics Analysis
  - Chapters 9, 10
- Part V: Applications
  - Chapters 11, 12, 13

Outline of the Course
- Part VI: Expert Witness
  - Chapters 14, 15, 16
- SECTION II
  - Selected Papers
  - Digital Forensics Research Workshop
- Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area

Course Work
- Two exams: 20 points each
- Term paper: 12 points
- Programming project: 20 points
- Digital Forensics project: 16 points
- Four assignments each worth 8 points, total: 32 points

Tentative Schedule
- Assignment #1 due date: September 21, 2012 (September 28, 2012)
- Assignment #2 due date: September 28, 2012 (new date: October 12, 2012)
- Term paper #1: October 12, 2012 (October 26, 2012)
- Exam #1: October 19, 2012
- Assignment #3: October 26, 2012 (November 30, 2012)
- Assignment #4: November 2, 2012 (November 30, 2012)
- Digital Forensics Project: November 16, 2012 (November 30)
- Programming Project: November 30, 2012
- Exam #2: December 14, 2012

Term Paper Outline
- Abstract
- Introduction
- Analyze algorithms, Survey,
- Give your opinions
- Summary/Conclusions

Programming/Digital Forensics Projects
- Encase evaluation
- Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words

Course Rules
- Unless special permission is obtained from the instructor, each student will work individually
- Copying material from other sources will not be permitted unless the source is properly referenced
- Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Contact
- For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and
  - Director of Cyber Security Research Center
    Erik Jonsson School of Engineering and Computer Science
    EC31, The University of Texas at Dallas
    Richardson, TX
    Phone: Fax:

Assignments for the Class: Hands-on projects from the text book
- Assignment #1
  - Chapter 2: 2.1, 2.2, 2.3
- Assignment #2
  - Chapter 4: 4.1, Chapter 5: 5.1, 5.2
- Assignment #3
  - Chapter 9: 9-1, Chapter 10: 10-1
- Assignment #4
  - Chapter 12: 12-1, 12-2, 12-3

Papers to Read for Exam #1
- (crime scene analysis)
- (file system basics)
- communications/fsc/july2004/research/2004_03_research01.htm (Steganography overview)
- (network forensics, Iowa state U. paper)
- Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham, Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using Stream Mining and Graph Mining. SocialCom/PASSAT 2011
- Learn the details of one forensics tool

Index to lectures for Exam #1
- Lecture #1: Digital Forensics (8/31/2012)
- Lecture #2: Cyber Security Modules (8/31/2012)
- Lecture #3: Data Mining background (no date)
- Lecture #4: Computer Forensics Data Recovery and Evidence Collection and Preservation (9/7/2012)
- Lecture 5: Data Mining for Malware Detection (Tapes: 9/14/2012)
- Lecture 6: File System Forensics (discussed 10/5/2012)
- Lecture 7: Encase Overview (discussed 9/28/2012)
- Lecture 8: Insider Threat – Ms Parveen Lecture (9/14/2012)
- Lecture 9: Data Acquisition, Processing Crime Scenes and Digital Forensics Analysis (9/21/2012)
- Lecture 10: Validation and Recovering Graphic Files and Steganography (9/28/2012)

Index to lectures for Exam #1
- Lecture 11: Expert Witness and Report Writing (10/12/2012)
- Lecture 12: Network and Applications Forensics (10/5/2012)

Index to lectures for Exam #2
- Lecture 13: Secure Sharing of Digital Evidence (1)
- Lecture 14: Richard Wartell Guest Lecture (10/26/2012)
- Lecture 15: Detecting False Captioning (Marie Yarbrough) (0.5)
- Lecture 16: Detection and Analysis of Database Tampering (1)
- Lecture 17: Virtualization Security (0.5)
- Lecture 18: Guest Lecture Mr. Satyen Abrol
- Lecture 19: Smartphone Malware detection (Dr. Zhou) (1)
- Lecture 20: Dr. Lin Lecture (1)
- Lecture 21: Selective and Intelligent Imaging, Nicholas Charlton (0.5)
- Lecture 22: XIRAF, Antonio Guzman (0.5)
- Lecture 23: Timestamps, Kirby Flake (0.5)

Index to lectures for Exam #2
- Lecture 24: Forza, Matt Lawrence (0.5)
- Lecture 25: Anti forensics, Charles Sammons (0.5)
- Lecture 26: Ontology for DF, Jason Mok (0.5)
- Lecture 27: Android Anti Forensics, Michael Johnston (0.5)
- Lecture 28: Forensics Investigation of peer to peer file sharing, Nate Bleaker (0.5)
- Lecture 29: Forensics Feature Extraction and cross drive analysis, David Pederson (0.5)
- Lecture 30: Advanced Evidence Collection and Analysis of Web Browser Activity, Jeff (0.5)
- Lecture 31: Secure Cloud Computing (0.5)

Papers to read Exam #2 (Lecture October 12, 2012)
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): (2004)
- Abhijith Shastry, Murat Kantarcioglu, Yan Zhou, Bhavani M. Thuraisingham: Randomizing Smartphone Malware Profiles against Statistical Mining Techniques. DBSec 2012
- (this paper will be posted on e-learning. It is the lecture given by Dr. Yan Zhou)

Papers to Read for November 2, 2012
- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–
- Did the problem occur? (e.g. similar to intrusion detection)
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages , Chicago, June,
- Who caused the problem (e.g., similar to digital forensics analysis)

Papers to Read for November 2, 2012
- Papers on Intelligent Digital Forensics
- XIRAF – XML-based indexing and querying for digital forensics
- Selective and intelligent imaging using digital evidence bags
- Detecting false captioning using common-sense reasoning

Papers to Read for November 9
- Forensic feature extraction and cross-drive analysis
- A correlation method for establishing provenance of timestamps in digital evidence
- FORZA – Digital forensics investigation framework that incorporate legal issues
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem

Papers to Review for November 16
- "Advanced Evidence Collection and Analysis of Web Browser Activity", Junghoon Oh, Seungbong Lee and Sangjin Lee
- Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields.
- Android Anti-Forensics Through a Local Paradigm. Alessandro Distefano, Gianluigi Me and Francesco Pace.