digital forensics n.
Digital Forensics


Digital Forensics - PowerPoint PPT Presentation

Presentation Transcript

  1. Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2010

  2. Outline of the Unit • Objective of the Course • Outline of the Course • Course Work • Course Rules • Contact • Text Book: Guide to Computer Forensics and Investigations • Third Edition, 2008 • Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart • Thomson Course Technology

  3. Objective of the Course • The course describes concepts, developments, challenges, and directions in Digital Forensics. • Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008. • Topics include: • Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

  4. Outline of the Course • Introduction to Data and Applications Security and Digital Forensics • SECTION 1: Computer Forensics • Part I: Background on Information Security • Part II: Computer Forensics Overview • Chapters 1, 2, 3, 4, 5 • Part III: Computer Forensics Tools • Chapters 6, 7, 8 • Part IV: Computer Forensics Analysis • Chapters 9, 10 • Part V Applications • Chapters 11, 12, 13

  5. Outline of the Course • Part VI: Expert Witness • Chapters 14, 15, 16 • SECTION II • Selected Papers • Digital Forensics Research Workshop • Guest Lectures • Richardson Police Department • North Texas FBI • Digital Forensics Company in DFW area

  6. Course Work • Two exams each worth 15 points • Mid-term and Final exams (October 22, December 3) • Programming project worth 14 points (December 3) • Three homework assignments worth 8 points each (September 17, September 24, November 12; 9-1, 9-2, 10-3) • Term paper 10 points (December 3, 2010) • Digital Forensics Project 14 points (SAIAL Lab, November 19) • Total 92 points (i.e., if you get 92 points then you get 100% for the course) • Extra credit opportunities

  7. Term Paper Outline • Abstract • Introduction • Analyze algorithms, Survey, - - - • Give your opinions • Summary/Conclusions

  8. Programming/Digital Forensics Projects • EnCase evaluation • Develop a system/simulation related to digital forensics • Intrusion detection • Ontology management for digital forensics • Representing digital evidence in XML • Search for certain key words

  9. Course Rules • Unless special permission is obtained from the instructor, each student will work individually • Copying material from other sources will not be permitted unless the source is properly referenced • Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

  10. Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • http://www.utdallas.edu/~bxt043000/

  11. Assignments: Due September 17, 2010 • Hands-on Project • Assignments #1 and #2 • Chapter 2: 2.1, 2.2, 2.3 • Chapter 4: 4.1, 4.2 • Chapter 5: 5.1 • Assignment #3 • Chapter 9: 9-1, 9-2 • Chapter 10: 10-1

  12. Papers to Read for Exam #1 • 1. Iowa State University Paper • https://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf • 2. Papers on Intelligent Digital Forensics • http://dfrws.org/2006/proceedings/7-Alink.pdf • XIRAF – XML-based indexing and querying for digital forensics • http://dfrws.org/2006/proceedings/8-Turner.pdf • Selective and intelligent imaging using digital evidence bags • http://dfrws.org/2006/proceedings/9-Lee.pdf • Detecting false captioning using common-sense reasoning

  13. Papers to Read for Exam #1 • 3. Database Tampering (check Dr. Snodgrass website for the pdf form of the papers) • Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515. • Tamper Detection in Audit Logs • Did the problem occur? (e.g. similar to intrusion detection) • Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006. • Who caused the problem (e.g., similar to digital forensics analysis)

  14. Papers to Read for Exam #1 • 4. Detecting Malicious Executables – this will be useful for lecture 10, pdf from IEEE Xplore • Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448 • 5. Steganography (High level Understanding of the following paper) • http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm • 6. Initial chapters of the Thesis from Ireland for Event Reconstruction • http://www.gladyshev.info/publications/thesis/ • Formalizing Event Reconstruction in Digital Investigations, Pavel Gladyshev, Ph.D. dissertation, 2004, University College Dublin, Ireland

  15. Papers to Read for Exam #2 • Forensic feature extraction and cross-drive analysis • http://dfrws.org/2006/proceedings/10-Garfinkel.pdf • A correlation method for establishing provenance of timestamps in digital evidence • http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

  16. Papers to Review for Exam #2 • FORZA – Digital forensics investigation framework that incorporate legal issues • http://dfrws.org/2006/proceedings/4-Ieong.pdf • A cyber forensics ontology: Creating a new approach to studying cyber forensics • http://dfrws.org/2006/proceedings/5-Brinson.pdf • Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem • http://dfrws.org/2006/proceedings/6-Harris.pdf

  17. Papers to Review for Exam #2 • Paper on File Carving • Paper on Video Surveillance • Paper on Secure voting machine (for the extra credit question) • MS Thesis paper

  18. Questions for Exam • 6 questions on the 6 papers (please see previous three charts) • Digital Watermarking • Expert Witness • File Carving MS Thesis (first few Chapters) • Next Generation Digital Forensics / Suspicious event detection (video surveillance) • Extra credit: (i) Secure voting machines (ii) Biometrics (iii) Virus/Worms