1 / 18

Digital Forensics

Digital Forensics. Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2010. Outline of the Unit. Objective of the Course Outline of the Course Course Work Course Rules Contact Text Book: Guide to Computer Forensics and Investigations

Download Presentation

Digital Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2010

  2. Outline of the Unit • Objective of the Course • Outline of the Course • Course Work • Course Rules • Contact • Text Book: Guide to Computer Forensics and Investigations • Third Edition, 2008 • Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart • Thompson Course Technology

  3. Objective of the Course • The course describes concepts, developments, challenges, and directions in Digital Forensics. • Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008. • Topics include: • Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis,

  4. Outline of the Course • Introduction to Data and Applications Security and Digital Forensics • SECTION 1: Computer Forensics • Part I: Background on Information Security • Part II: Computer Forensics Overview • Chapters 1, 2, 3, 4, 5 • Part III: Computer Forensics Tools • Chapters 6, 7, 8 • Part IV: Computer Forensics Analysis • Chapters 9, 10 • Part V Applications • Chapters 11, 12, 13

  5. Outline of the Course • Part VI: Expert Witness • Chapters 14, 15, 16 • SECTION II • Selected Papers • Digital Forensics Research Workshop • Guest Lectures • Richardson Police Department • North Texas FBI • Digital Forensics Company in DFW area

  6. Course Work • Two exams each worth 15 points • Mid-term and Final exams (October 22, December 3) • Programming project worth 14 points (December 3) • Three homework assignments worth 8 points each (September 17, September 24, November 12; 9-1, 9-2, 10-3) • Term paper 10 points (December 3, 2010) • Digital Forensics Project 14 points (SAIAL Lab, November 19) • Total 92 points (i.e., if you get 92 points then you get 100% for the course) • Extra credit opportunities

  7. Term Paper Outline • Abstract • Introduction • Analyze algorithms, Survey, - - - • Give your opinions • Summary/Conclusions

  8. Programming/Digital Forensics Projects – • Encase evaluation • Develop a system/simulation related to digital forensics • Intrusion detection • Ontology management for digital forensics • Representing digital evidence in XML • Search for certain key words

  9. Course Rules • Unless special permission is obtained from the instructor, each student will work individually • Copying material from other sources will not be permitted unless the source is properly referenced • Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department

  10. Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • http://www.utdallas.edu/~bxt043000/

  11. Assignments: Due September 17, 201000Hands-on Project • Assignments #1 and #2 • Chapter 2: 2.1, 2.2, 2.3 • Chapter 4: 4.1, 4.2 • Chapter 5: 5.1 • Assignment #3 • Chapter 9: 9-1, 9-2 • Chapter 10: 10-1

  12. Papers to Read for Exam #1 • 1. Iowa State University Paper • https://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf • 2. Papers on Intelligent Digital Forensics • http://dfrws.org/2006/proceedings/7-Alink.pdf • XIRAF – XML-based indexing and querying for digital forensics http://dfrws.org/2006/proceedings/8-Turner.pdf • Selective and intelligent imaging using digital evidence bags • http://dfrws.org/2006/proceedings/9-Lee.pdf • Detecting false captioning using common-sense reasoning

  13. Papers to Read for Exam #1 • 3. Database Tampering (check Dr. Snodgrass website for the pdf form of the papers) • Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515. • Tamper Detection in Audit Logs • Did the problem occur? (e.g. similar to intrusion detection) • Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006. • Who caused the problem (e.g., similar to digital forensics analysis)

  14. Papers to Read for Exam #1 • 4. Detecting Malcious Executables – this will be useful for lecture 10, pdf from IEEE Explore • Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448 • 5. Steganography (High level Understanding of the following paper • http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm • 6. Initial chapters of the Thesis from Ireland for Event Reconstruction • http://www.gladyshev.info/publications/thesis/ • Formalizing Event Reconstruction in Digital Investigations PavelGladyshev,  Ph.D. dissertation,  2004, University College Dublin, Ireland

  15. Papers to Read for Exam #2 • Forensic feature extraction and cross-drive analysis • http://dfrws.org/2006/proceedings/10-Garfinkel.pdf • A correlation method for establishing provenance of timestamps in digital evidence • http://dfrws.org/2006/proceedings/13-%20Schatz.pdf

  16. Papers to Review for Exam #2 • FORZA – Digital forensics investigation framework that incorporate legal issues • http://dfrws.org/2006/proceedings/4-Ieong.pdf • A cyber forensics ontology: Creating a new approach to studying cyber forensics • http://dfrws.org/2006/proceedings/5-Brinson.pdf • Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem • http://dfrws.org/2006/proceedings/6-Harris.pdf

  17. Papers to Review for Exam #2 • Paper on File Carving • Paper on Video Surveillance • Paper on Secure voting machine (for the extra credit question) • MS Thesis paper

  18. Questions for Exam • 6 questions on the 6 papers (please see previous three charts) • Digital Watermarking • Expert Witness • File Carving MS Thesis (first few Chapters) • Next Generation Digital Forensics / Suspicious event detection (video surveillance) • Extra credit: (1) Secure voting machines (ii) Biometrics (iii) Virus/Worms

More Related