Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 24, 2011
Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact
  - Text Book: Guide to Computer Forensics and Investigations, Latest Edition, Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart, Thompson Course Technology
Objective of the Course
- The course describes concepts, developments, challenges, and directions in Digital Forensics.
- Text Book: Computer Forensics and Investigations, Bill Nelson et al.
- Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,
Outline of the Course
- Introduction to Data and Applications Security and Digital Forensics
- SECTION 1: Computer Forensics
- Part I: Background on Information Security
- Part II: Computer Forensics Overview (Chapters 1, 2, 3, 4, 5)
- Part III: Computer Forensics Tools (Chapters 6, 7, 8)
- Part IV: Computer Forensics Analysis (Chapters 9, 10)
- Part V: Applications (Chapters 11, 12, 13)
Outline of the Course (continued)
- Part VI: Expert Witness (Chapters 14, 15, 16)
- SECTION II: Selected Papers (Digital Forensics Research Workshop)
- Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area
Course Work
- Two exams, each worth 20 points
  - Exam #1: October 19
  - Exam #2: As scheduled; December 9
- Programming project worth 10 points: December 5
- Four homework assignments worth 8 points each
  - Assignment #1: October 5
  - Assignment #2: November 28
- Term paper, 8 points: November 17
- Digital Forensics Project, 10 points: Done
- Total 84 points
Term Paper Outline
- Abstract
- Introduction
- Analyze algorithms, Survey
- Give your opinions
- Summary/Conclusions
Programming/Digital Forensics Projects
- Encase evaluation
- Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words
Index to Lectures
- Lecture 1: August 24, 2011: An introduction to digital forensics
- Lecture 2: August 29, 2011: Intro to data mining
- Lecture 3: August 31, 2011: Cyber security overview
- Lecture 4: September 7, 2011: Computer Forensics Data Recovery and Evidence Collection and Preservation
- Lecture 5: Sept 12, 2011: Data Mining for Malware Detection
- Lecture 6: Sept : Data Acquisition, Processing Crime Scenes and Digital Forensics Analysis
- Lecture 7: September 19, 2011: File Systems and File Forensics
- Lecture 8: Sept 21: Stream-based novel class detection
Index to Lectures (continued)
- Lecture 9: Sept 21, 2011: Encase Overview
- Lecture 9/10: Sept 26, 2011: Complete file system forensics and start Lecture 10 (network forensics)
- Lecture 10: Sept 28, 2011: Network and application forensics (continued)
- Lecture 11: Oct 3, 2011: Expert witness and report writing
- Lecture 12: October 5, 2011: Validation and Recovering Graphic Files and
- Lecture 13: October 10, 2011: Malware
- Lecture 14: October 12: Honeypots
- Topics for Exam #2 start here
- Oct 17: Lecture 15: Secure sharing of digital evidence: XML publishing (will be included in Exam #2) (1)
- Oct 19: Exam #1 (no lectures)
Index to Lectures for Exam 2
- October 24: Continued with Lecture 15
- October 26: Lecture 16: Papers: Database tampering (2)
- Oct 31: Lecture 17: Physical Storage Analysis (Prof. Lin) (3)
- Nov 2: Lecture 18: Papers: Intelligent Digital Forensics (4)
- Nov 7: Lecture 19: Image annotation, guest lecture (extra credit)
- November 9: Lecture 20: Papers: Evidence Correlation (5)
- Nov 14: Lecture 21: Insider threat detection, guest lecture (6)
- November 16: Lecture 22: Papers: Framework for DF (7)
- November 21: Lecture 23: Guest lecture, practical aspects, Saylor
- November 23: Review, no lectures posted
- November 28: Lecture 24: Cyber Forensics (8)
- Nov 30: Lecture 25: Papers discussed (see Intro unit) (9 and 10)
- December 5: Lecture 26 (not included in exam)
Course Rules
- Unless special permission is obtained from the instructor, each student will work individually.
- Copying material from other sources will not be permitted unless the source is properly referenced.
- Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department.
Contact
For more information please contact:
Dr. Bhavani Thuraisingham
Professor of Computer Science and Director of Cyber Security Research Center
Erik Jonsson School of Engineering and Computer Science
EC31, The University of Texas at Dallas
Richardson, TX
Phone:
Fax:
Papers to Read for October 26, 2011
- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–
  - Did the problem occur? (e.g., similar to intrusion detection)
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages , Chicago, June,
  - Who caused the problem? (e.g., similar to digital forensics analysis)
Papers to Read for November 2
Papers on Intelligent Digital Forensics
- XIRAF – XML-based indexing and querying for digital forensics
- Selective and intelligent imaging using digital evidence bags
- Detecting false captioning using common-sense reasoning
Papers to Read for November 9
- Forensic feature extraction and cross-drive analysis
- A correlation method for establishing provenance of timestamps in digital evidence
Papers to Review for November 16
- FORZA – Digital forensics investigation framework that incorporate legal issues
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
Papers to Review for November 30
- OPTIONAL PAPER, NOT INCLUDED IN EXAM: "Advanced Evidence Collection and Analysis of Web Browser Activity", Junghoon Oh, Seungbong Lee and Sangjin Lee
- Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields.
- Android Anti-Forensics Through a Local Paradigm. Alessandro Distefano, Gianluigi Me and Francesco Pace.
Paper to Read for Lecture 15
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): (2004)