Published by Spencer McCormick. Modified over 9 years ago.
1
Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 24, 2011
2
Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact
  - Text Book: Guide to Computer Forensics and Investigations
  - Latest Edition
  - Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart
  - Thomson Course Technology
3
Objective of the Course
- The course describes concepts, developments, challenges, and directions in Digital Forensics.
- Text Book: Computer Forensics and Investigations. Bill Nelson et al.
- Topics include:
  - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,
4
Outline of the Course
- Introduction to Data and Applications Security and Digital Forensics
- SECTION 1: Computer Forensics
- Part I: Background on Information Security
- Part II: Computer Forensics Overview
  - Chapters 1, 2, 3, 4, 5
- Part III: Computer Forensics Tools
  - Chapters 6, 7, 8
- Part IV: Computer Forensics Analysis
  - Chapters 9, 10
- Part V: Applications
  - Chapters 11, 12, 13
5
Outline of the Course
- Part VI: Expert Witness
  - Chapters 14, 15, 16
- SECTION II
  - Selected Papers
  - Digital Forensics Research Workshop
- Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area
6
Course Work
- Two exams each worth 20 points
  - Exam #1: October 19
  - Exam #2: As scheduled; December 9
- Programming project worth 10 points: December 5
- Four homework assignments worth 8 points each
  - Assignment #1: October 5
  - Assignment #2: November 28
- Term paper 8 points: November 17
- Digital Forensics Project 10 points: Done
- Total 84 points
7
Term Paper Outline
- Abstract
- Introduction
- Analyze algorithms, Survey, ...
- Give your opinions
- Summary/Conclusions
8
Programming/Digital Forensics Projects
- EnCase evaluation
- Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words
11
Index to Lectures
- Lecture 1: August 24, 2011: An introduction to digital forensics was discussed
- Lecture 2: August 29, 2011: Intro to data mining
- Lecture 3: August 31, 2011: Cyber security overview
- Lecture 4: September 7, 2011: Computer Forensics Data Recovery and Evidence Collection and Preservation
- Lecture 5: Sept 12, 2011: Data Mining for Malware Detection
- Lecture 6: Sept 14, 2011: Data Acquisition, Processing Crime Scenes and Digital Forensics Analysis
- Lecture 7: September 19, 2011: File Systems and File Forensics
- Lecture 8: Sept 21, Stream-based novel class detection
12
Index to Lectures
- Lecture 9: Sept 21, 2011: EnCase Overview
- Lecture 9/10: Sept 26, 2011: Complete file system forensics and start lecture 10 – network forensics
- Lecture 10: Sept 28, 2011: Network and application forensics (continues)
- Lecture 11: Oct 3, 2011: Expert witness and report writing
- Lecture 12: October 5, 2011: Validation and Recovering Graphic Files and
- Lecture 13: October 10, 2011: Malware
- Lecture 14: October 12: Honeypots
- Topics for Exam #2 Start Here
- Oct 17: Lecture 15: Secure sharing of digital evidence: XML publishing (will be included in Exam #2) (1)
- Oct 19: Exam #1 (no lectures)
13
Index to Lectures for Exam 2
- October 24: Continued with Lecture 15
- October 26: Lecture 16: Papers: Database tampering (2)
- Oct 31: Lecture 17: Physical Storage Analysis (Prof. Lin) (3)
- Nov 2: Lecture 18: Papers: Intelligent Digital Forensics (4)
- Nov 7: Lecture 19: Image annotation, Guest lecture (ext. cred)
- November 9: Lecture 20: Papers, Evidence Correlation (5)
- Nov 14: Lecture 21: Insider threat detection, Guest lect. (6)
- November 16: Lecture 22: Papers: Framework for DF (7)
- November 21: Lecture 23: Guest. Practical aspects, Saylor
- November 23: Review, no lectures posted
- November 28: Lecture 24: Cyber Forensics (8)
- Nov 30: Lect 25: Papers discussed (see Intro unit) (9 and 10)
- December 5: Lecture 26 (not included in exam)
14
Course Rules
- Unless special permission is obtained from the instructor, each student will work individually
- Copying material from other sources will not be permitted unless the source is properly referenced
- Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department
15
Contact
- For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and
  - Director of Cyber Security Research Center
    Erik Jonsson School of Engineering and Computer Science
    EC31, The University of Texas at Dallas
    Richardson, TX 75080
  - Phone: 972-883-4738
  - Fax: 972-883-2399
  - Email: bhavani.thuraisingham@utdallas.edu
  - http://www.utdallas.edu/~bxt043000/
16
Papers to Read for October 26, 2011
- http://www.cs.arizona.edu/people/rts/publications.html#auditing
- Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
  - Tamper Detection in Audit Logs
- Did the problem occur? (e.g., similar to intrusion detection)
- Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June 2006.
- Who caused the problem? (e.g., similar to digital forensics analysis)
17
Papers to Read for November 2
- Papers on Intelligent Digital Forensics
- XIRAF – XML-based indexing and querying for digital forensics
  - http://dfrws.org/2006/proceedings/7-Alink.pdf
- Selective and intelligent imaging using digital evidence bags
  - http://dfrws.org/2006/proceedings/8-Turner.pdf
- Detecting false captioning using common-sense reasoning
  - http://dfrws.org/2006/proceedings/9-Lee.pdf
18
Papers to Read for November 9
- Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
- A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf
19
Papers to Review for November 16
- FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf
20
Papers to Review for November 30
- OPTIONAL PAPER NOT INCLUDED IN EXAM: "Advanced Evidence Collection and Analysis of Web Browser Activity", Junghoon Oh, Seungbong Lee and Sangjin Lee.
  - http://www.dfrws.org/2011/proceedings/12-344.pdf
- Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields.
  - http://www.dfrws.org/2010/proceedings/2010-311.pdf
- Android Anti-Forensics Through a Local Paradigm. Alessandro Distefano, Gianluigi Me and Francesco Pace.
  - http://www.dfrws.org/2010/proceedings/2010-310.pdf
21
Paper to Read for Lecture 15
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004)