Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 24, 2009

Outline of the Unit Objective of the Course Outline of the Course Course Work Course Rules Contact

Objective of the Course The course describes concepts, developments, challenges, and directions in Digital Forensics. Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008. Topics include: Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

Outline of the Course Introduction to Data and Applications Security and Digital Forensics SECTION 1: Computer Forensics Part I: Background on Information Security Part II: Computer Forensics Overview Chapters 1, 2, 3, 4, 5 Part III: Computer Forensics Tools Chapters 6, 7, 8 Part IV: Computer Forensics Analysis Chapters 9, 10 Part V Applications Chapters 11, 12, 13

Outline of the Course Part VI: Expert Witness Chapters 14, 15, 16 SECTION II Selected Papers Digital Forensics Research Workshop Guest Lectures Richardson Police Department North Texas FBI Digital Forensics Company in DFW area

Course Work Updated October 7, 2009 Two exams each worth 15 points Mid-term and Final exams (October 14, December 7) Programming project worth 14 points (November 30 ) Four homework assignments worth 8 points each (Due: September 23, October 26, November 4, November 16) Term paper 10 points, Due November 23 Digital Forensics Project 14 points December 2 Total 100 points Extra credit opportunities

Term Paper Outline Abstract Introduction Analyze algorithms, Survey, - - - Give your opinions Summary/Conclusions

Programming/Digital Forensics Projects – Encase evaluation Develop a system/simulation related to digital forensics Intrusion detection Ontology management for digital forensics Representing digital evidence in XML Search for certain key words

Course Rules Unless special permission is obtained from the instructor, each student will work individually Copying material from other sources will not be permitted unless the source is properly referenced Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Contact For more information please contact Dr. Bhavani Thuraisingham Professor of Computer Science and Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 Phone: 972-883-4738 Fax: 972-883-2399 Email: bhavani.thuraisingham@utdallas.edu http://www.utdallas.edu/~bxt043000/

Review of Lectures 1-3 September 2, 2009 Lecture 1: Overview of Digital Forensics Lecture 2: Background on Information Security Lecture 3: Data recovery, Evidence collection, preservation and analysis (Expanded overview) Reading: Chapters 1-3 of Textbook

Review of Chapters 1-3 of Textbook September 2, 2009 Chapter 1: Understanding digital forensics What is digital forensics, conducting investigation, case law (fourth amendment) Chapter 2: Understanding investigations Steps for an investigation: systematic approach Evidence collections and analysis Report writing Chapter 3: Forensics Laboratory Physical requirements, Workstation requirements, Making a case to build a lab

Review Questions (Lectures 1, 3-7) September 2, 2009 Describe what is meant by digital forensics Describe the steps for a forensic investigation Describe how Data is Acquired in a Forensics Investigation Describe the process of constructing a forensic lab Describe data recovery in a forensic investigation Describe verification aspects of a forensic investigation Describe for malicious code may be detected in a machine Describe techniques for digital forensics analysis Describe the steps involved in processing a crime scene Describe the rules of evidence Describe forensics technologies

Assignment #1 (given on September 9, 2009) Text Book Hands-on Project 2.1 Hands-on Project 2.2 Chapter 2 Page 68-69 Due: Wednesday September 23, 2009

Review: September 23, 2009 Lecture 1: Overview of Digital Forensics (Chapter 1 of textbook) Lecture 2: Information Security Review Lecture 3: Data Recovery Lecture 4: Malicious code detection Lecture 5: Technologies/Services Lecture 6: Data acquisition, Processing crime scene, Lab Tour Lecture 7: Honeypots Lecture 8: Botnets Lecture 9: Windows File System and Forensics, Encase Lecture 10: Forensics Tools Lecture 11: Tampering and Forensics Analysis Lecture 12: Intelligent digital forensics Lecture 13: Graphical Forensics and Steganalysis Lecture 14. Review for Exam #1, Misc Topics

Assignment #2 (given on October 7 , 2009) Text Book Hands-on Project 4.1 Hands-on Project 4.2 Chapter 4 Page 149-152 Due: Monday October 26, 2009

Papers to Read for Mid-Term Steganography: http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm 2. Intelligent Digital Forensics http://dfrws.org/2006/proceedings/7-Alink.pdf XIRAF – XML-based indexing and querying for digital forensics http://dfrws.org/2006/proceedings/8-Turner.pdf Selective and intelligent imaging using digital evidence bags http://dfrws.org/2006/proceedings/9-Lee.pdf Detecting false captioning using common-sense reasoning 3. Snodgrass papers from his web site Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515. Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006. Parts of the PhD thesis from Ireland http://www.gladyshev.info/publications/thesis/--