Lecture31 - The University of Texas at Dallas
advertisement
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Review for Final Exam November 19, 2010 Review Please check the Introduction unit for details on Exam #2 I will send 3 papers via email on November 23 (in pdf form that you can also obtain in the web) for review for exam #2 Objective of the Course The course describes concepts, developments, challenges, and directions in Digital Forensics. Text Book: Computer Forensics and Investigations. Bill Nelson et al, 2007/2008. Topics include: - Digital forensics fundamentals, systems and tools, Digital forensics evidence and capture, Digital forensics analysis, Outline of the Course Introduction to Data and Applications Security and Digital Forensics SECTION 1: Computer Forensics Part I: Background on Information Security Part II: Computer Forensics Overview - Chapters 1, 2, 3, 4, 5 Part III: Computer Forensics Tools Chapters 6, 7, 8 Part IV: Computer Forensics Analysis - Chapters 9, 10 Part V Applications Chapters 11, 12, 13 - - Outline of the Course Part VI: Expert Witness - Chapters 14, 15, 16 SECTION II - Selected Papers - Digital Forensics Research Workshop Guest Lectures - Richardson Police Department - North Texas FBI - Digital Forensics Company in DFW area Course Work Two exams each worth 15 points - Mid-term and Final exams (October 22, December 3) Programming project worth 14 points (December 3) Three homework assignments worth 8 points each (September 17, September 24, November 12; 9-1, 9-2, 10-3) Term paper 10 points (December 3, 2010) Digital Forensics Project 14 points (SAIAL Lab, November 19) Total 92 points (i.e., if you get 92 points then you get 100% for the course) Extra credit opportunities Term Paper Outline Abstract Introduction Analyze algorithms, Survey, - - Give your opinions Summary/Conclusions Programming/Digital Forensics Projects – Encase evaluation Develop a system/simulation related to digital forensics - Intrusion detection - Ontology management for digital forensics - Representing digital evidence in XML - Search for certain key words Course Rules Unless special permission is obtained from the instructor, each student will work individually Copying material from other sources will not be permitted unless the source is properly referenced Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department Contact For more information please contact - Dr. Bhavani Thuraisingham - Phone: 972-883-4738 Professor of Computer Science and Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 Fax: 972-883-2399 Email: bhavani.thuraisingham@utdallas.edu http://www.utdallas.edu/~bxt043000/ Assignments: Due September 17, 201000 Hands-on Project Assignments #1 and #2 Chapter 2: 2.1, 2.2, 2.3 Chapter 4: 4.1, 4.2 Chapter 5: 5.1 Assignment #3 Chapter 9: 9-1, 9-2 Chapter 10: 10-1 Papers to Read for Exam #1 1. Iowa State University Paper https://www.dfrws.org/2005/proceedings/wang_evidencegrap hs.pdf 2. Papers on Intelligent Digital Forensics http://dfrws.org/2006/proceedings/7-Alink.pdf XIRAF – XML-based indexing and querying for digital forensics http://dfrws.org/2006/proceedings/8-Turner.pdf Selective and intelligent imaging using digital evidence bags http://dfrws.org/2006/proceedings/9-Lee.pdf Detecting false captioning using common-sense reasoning Papers to Read for Exam #1 3. Database Tampering (check Dr. Snodgrass website for the pdf form of the papers) Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515. - Tamper Detection in Audit Logs Did the problem occur? (e.g. similar to intrusion detection) Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006. Who caused the problem (e.g., similar to digital forensics analysis) Papers to Read for Exam #1 4. Detecting Malcious Executables – this will be useful for lecture 10, pdf from IEEE Explore Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448 5. Steganography (High level Understanding of the following paper - http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2 004_03_research01.htm 6. Initial chapters of the Thesis from Ireland for Event Reconstruction - http://www.gladyshev.info/publications/thesis/ Formalizing Event Reconstruction in Digital Investigations Pavel Gladyshev, Ph.D. dissertation, 2004, University College Dublin, Ireland Papers to Read for Exam #2 Forensic feature extraction and cross-drive analysis - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf A correlation method for establishing provenance of timestamps in digital evidence http://dfrws.org/2006/proceedings/13-%20Schatz.pdf - Papers to Review for Exam #2 FORZA – Digital forensics investigation framework that incorporate legal issues - http://dfrws.org/2006/proceedings/4-Ieong.pdf A cyber forensics ontology: Creating a new approach to studying cyber forensics - http://dfrws.org/2006/proceedings/5-Brinson.pdf Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem - http://dfrws.org/2006/proceedings/6-Harris.pdf Papers to Review for Exam #2 Paper on File Carving Paper on Video Surveillance Paper on Secure voting machine (for the extra credit question) MS Thesis paper Questions for Exam 6 questions on the 6 papers (please see previous three charts) Digital Watermarking Expert Witness File Carving MS Thesis (first few Chapters) Next Generation Digital Forensics / Suspicious event detection (video surveillance) Extra credit: (1) Secure voting machines (ii) Biometrics (iii) Virus/Worms
