Published by Milo Hamilton. Modified over 9 years ago.

Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Review for Final Exam
November 19, 2010

Review
• Please check the Introduction unit for details on Exam #2
• I will send 3 papers via email on November 23 (in PDF form, which you can also obtain on the web) for review for Exam #2

Objective of the Course
• The course describes concepts, developments, challenges, and directions in Digital Forensics.
• Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008.
• Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

Outline of the Course
• Introduction to Data and Applications Security and Digital Forensics
• SECTION 1: Computer Forensics
• Part I: Background on Information Security
• Part II: Computer Forensics Overview
  - Chapters 1, 2, 3, 4, 5
• Part III: Computer Forensics Tools
  - Chapters 6, 7, 8
• Part IV: Computer Forensics Analysis
  - Chapters 9, 10
• Part V: Applications
  - Chapters 11, 12, 13

Outline of the Course
• Part VI: Expert Witness
  - Chapters 14, 15, 16
• SECTION II
  - Selected Papers
  - Digital Forensics Research Workshop
• Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area

Course Work
• Two exams each worth 15 points
  - Mid-term and Final exams (October 22, December 3)
• Programming project worth 14 points (December 3)
• Three homework assignments worth 8 points each (September 17, September 24, November 12; 9-1, 9-2, 10-3)
• Term paper 10 points (December 3, 2010)
• Digital Forensics Project 14 points (SAIAL Lab, November 19)
• Total 92 points (i.e., if you get 92 points then you get 100% for the course)
• Extra credit opportunities

Term Paper Outline
• Abstract
• Introduction
• Analyze algorithms, Survey, - - -
• Give your opinions
• Summary/Conclusions

Programming/Digital Forensics Projects
• EnCase evaluation
• Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words

Course Rules
• Unless special permission is obtained from the instructor, each student will work individually
• Copying material from other sources will not be permitted unless the source is properly referenced
• Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

Contact
• For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and
  - Director of Cyber Security Research Center, Erik Jonsson School of Engineering and Computer Science, EC31, The University of Texas at Dallas, Richardson, TX 75080
  - Phone: 972-883-4738
  - Fax: 972-883-2399
  - Email: bhavani.thuraisingham@utdallas.edu
  - http://www.utdallas.edu/~bxt043000/

Assignments: Due September 17, 2010
Hands-on Project
• Assignments #1 and #2
• Chapter 2: 2.1, 2.2, 2.3
• Chapter 4: 4.1, 4.2
• Chapter 5: 5.1
• Assignment #3
• Chapter 9: 9-1, 9-2
• Chapter 10: 10-1

Papers to Read for Exam #1
• 1. Iowa State University Paper
• https://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf
• 2. Papers on Intelligent Digital Forensics
• http://dfrws.org/2006/proceedings/7-Alink.pdf
• XIRAF – XML-based indexing and querying for digital forensics
• http://dfrws.org/2006/proceedings/8-Turner.pdf
• Selective and intelligent imaging using digital evidence bags
• http://dfrws.org/2006/proceedings/9-Lee.pdf
• Detecting false captioning using common-sense reasoning

Papers to Read for Exam #1
• 3. Database Tampering (check Dr. Snodgrass website for the pdf form of the papers)
• Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
  - Tamper Detection in Audit Logs
• Did the problem occur? (e.g., similar to intrusion detection)
• Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.
• Who caused the problem? (e.g., similar to digital forensics analysis)

Papers to Read for Exam #1
• 4. Detecting Malicious Executables – this will be useful for lecture 10, pdf from IEEE Xplore
  Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448
• 5. Steganography (High level Understanding of the following paper)
  - http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm
• 6. Initial chapters of the Thesis from Ireland for Event Reconstruction
  - http://www.gladyshev.info/publications/thesis/
• Formalizing Event Reconstruction in Digital Investigations, Pavel Gladyshev, Ph.D. dissertation, 2004, University College Dublin, Ireland

Papers to Read for Exam #2
• Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
• A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

Papers to Review for Exam #2
• FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
• A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
• Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf

Papers to Review for Exam #2
• Paper on File Carving
• Paper on Video Surveillance
• Paper on Secure voting machine (for the extra credit question)
• MS Thesis paper

Questions for Exam
• 6 questions on the 6 papers (please see previous three charts)
• Digital Watermarking
• Expert Witness
• File Carving MS Thesis (first few Chapters)
• Next Generation Digital Forensics / Suspicious event detection (video surveillance)
• Extra credit: (i) Secure voting machines (ii) Biometrics (iii) Virus/Worms