Example: Data Mining for the NBA - The University of Texas at Dallas

Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 31, 2012
Outline of the Unit
- Objective of the Course
- Outline of the Course
- Course Work
- Course Rules
- Contact
- Text Book: Guide to Computer Forensics and Investigations
  - Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Steuart
  - Thompson Course Technology
Objective of the Course
- The course describes concepts, developments, challenges, and directions in Digital Forensics.
- Text Book: Computer Forensics and Investigations, Bill Nelson et al.
- Topics include:
  - Digital forensics fundamentals, systems and tools, digital forensics evidence and capture, digital forensics analysis
Outline of the Course
- Introduction to Data and Applications Security and Digital Forensics
- SECTION 1: Computer Forensics
- Part I: Background on Information Security
- Part II: Computer Forensics Overview
  - Chapters 1, 2, 3, 4, 5
- Part III: Computer Forensics Tools
  - Chapters 6, 7, 8
- Part IV: Computer Forensics Analysis
  - Chapters 9, 10
- Part V: Applications
  - Chapters 11, 12, 13
Outline of the Course
- Part VI: Expert Witness
  - Chapters 14, 15, 16
- SECTION II
  - Selected Papers
  - Digital Forensics Research Workshop
- Guest Lectures
  - Richardson Police Department
  - North Texas FBI
  - Digital Forensics Company in DFW area
Course Work
- Two exams, 20 points each
- Term paper: 12 points
- Programming project: 20 points
- Digital Forensics project: 16 points
- Four assignments, each worth 8 points, total: 32 points
Tentative Schedule
- Assignment #1 due date: September 21, 2012 (September 28, 2012)
- Assignment #2 due date: September 28, 2012 (new date: October 12, 2012)
- Term paper #1: October 12, 2012 (October 26, 2012)
- Exam #1: October 19, 2012
- Assignment #3: October 26, 2012 (November 30, 2012)
- Assignment #4: November 2, 2012 (November 30, 2012)
- Digital Forensics Project: November 16, 2012 (November 30)
- Programming Project: November 30, 2012
- Exam #2: December 14, 2012
Term Paper Outline
- Abstract
- Introduction
- Analyze algorithms, survey, and give your opinions
- Summary/Conclusions
Programming/Digital Forensics Projects
- Encase evaluation
- Develop a system/simulation related to digital forensics
  - Intrusion detection
  - Ontology management for digital forensics
  - Representing digital evidence in XML
  - Search for certain key words
Course Rules
- Unless special permission is obtained from the instructor, each student will work individually
- Copying material from other sources will not be permitted unless the source is properly referenced
- Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advised by the department
Contact
- For more information please contact
  - Dr. Bhavani Thuraisingham
  - Professor of Computer Science and Director of Cyber Security Research Center, Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas, Richardson, TX 75080
  - Phone: 972-883-4738
  - Fax: 972-883-2399
  - Email: [email protected]
  - http://www.utdallas.edu/~bxt043000/
Assignments for the Class: Hands-on projects from the text book
- Assignment #1
  - Chapter 2: 2.1, 2.2, 2.3
- Assignment #2
  - Chapter 4: 4.1, 4.2
  - Chapter 5: 5.1, 5.2
- Assignment #3
  - Chapter 9: 9-1, 9-2
  - Chapter 10: 10-1
- Assignment #4
  - Chapter 12: 12-1, 12-2, 12-3
Papers to Read for Exam #1
- http://www.sciencedirect.com/science/article/pii/S1742287604000271 (crime scene analysis)
- http://www.porcupine.org/forensics/forensic-discovery/chapter3.html (file system basics)
- http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/july2004/research/2004_03_research01.htm (Steganography overview)
- http://www.dfrws.org/2005/proceedings/wang_evidencegraphs.pdf (network forensics, Iowa State U. paper)
- Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham, Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using Stream Mining and Graph Mining. SocialCom/PASSAT 2011: 1102-1110
- Learn the details of one forensics tool
Index to lectures for Exam #1
- Lecture #1: Digital Forensics (8/31/2012)
- Lecture #2: Cyber Security Modules (8/31/2012)
- Lecture #3: Data Mining background (no date)
- Lecture #4: Computer Forensics Data Recovery and Evidence Collection and Preservation (9/7/2012)
- Lecture 5: Data Mining for Malware Detection (Tapes: 9/14/2012)
- Lecture 6: File System Forensics (discussed 10/5/2012)
- Lecture 7: Encase Overview (discussed 9/28/2012)
- Lecture 8: Insider Threat – Ms Parveen Lecture (9/14/2012)
- Lecture 9: Data Acquisition, Processing Crime Scenes and Digital Forensics Analysis (9/21/2012)
- Lecture 10: Validation and Recovering Graphic Files and Steganography (9/28/2012)
- Lecture 11: Expert Witness and Report Writing (10/12/2012)
- Lecture 12: Network and Applications Forensics (10/5/2012)
Index to lectures for Exam #2
- Lecture 13: Secure Sharing of Digital Evidence (1)
- Lecture 14: Richard Wartell Guest Lecture (10/26/2012)
- Lecture 15: Detecting False Captioning (Marie Yarbrough) (0.5)
- Lecture 16: Detection and Analysis of Database Tampering (1)
- Lecture 17: Virtualization Security (0.5)
- Lecture 18: Guest Lecture Mr. Satyen Abrol
- Lecture 19: Smartphone Malware Detection (Dr. Zhou) (1)
- Lecture 20: Dr. Lin Lecture (1)
- Lecture 21: Selective and Intelligent Imaging, Nicholas Charlton (0.5)
- Lecture 22: XIRAF, Antonio Guzman (0.5)
- Lecture 23: Timestamps, Kirby Flake (0.5)
- Lecture 24: FORZA, Matt Lawrence (0.5)
- Lecture 25: Anti-forensics, Charles Sammons (0.5)
- Lecture 26: Ontology for DF, Jason Mok (0.5)
- Lecture 27: Android Anti-Forensics, Michael Johnston (0.5)
- Lecture 28: Forensics Investigation of Peer-to-Peer File Sharing, Nate Bleaker (0.5)
- Lecture 29: Forensics Feature Extraction and Cross-Drive Analysis, David Pederson (0.5)
- Lecture 30: Advanced Evidence Collection and Analysis of Web Browser Activity, Jeff (0.5)
- Lecture 31: Secure Cloud Computing (0.5)
Papers to read for Exam #2 (Lecture October 12, 2012)
- Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004)
- Abhijith Shastry, Murat Kantarcioglu, Yan Zhou, Bhavani M. Thuraisingham: Randomizing Smartphone Malware Profiles against Statistical Mining Techniques. DBSec 2012: 239-254
  - (this paper will be posted on e-learning. It is the lecture given by Dr. Yan Zhou)
Papers to Read for November 2, 2012
- http://www.cs.arizona.edu/people/rts/publications.html#auditing
- Tamper Detection in Audit Logs
  - Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.
  - Did the problem occur? (e.g., similar to intrusion detection)
- Forensic Analysis of Database Tampering
  - Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June 2006.
  - Who caused the problem? (e.g., similar to digital forensics analysis)
Papers to Read for November 2, 2012
- Papers on Intelligent Digital Forensics
- XIRAF – XML-based indexing and querying for digital forensics
  - http://dfrws.org/2006/proceedings/7-Alink.pdf
- Selective and intelligent imaging using digital evidence bags
  - http://dfrws.org/2006/proceedings/8-Turner.pdf
- Detecting false captioning using common-sense reasoning
  - http://dfrws.org/2006/proceedings/9-Lee.pdf
Papers to Read for November 9
- Forensic feature extraction and cross-drive analysis
  - http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
- A correlation method for establishing provenance of timestamps in digital evidence
  - http://dfrws.org/2006/proceedings/13-%20Schatz.pdf
- FORZA – Digital forensics investigation framework that incorporate legal issues
  - http://dfrws.org/2006/proceedings/4-Ieong.pdf
- A cyber forensics ontology: Creating a new approach to studying cyber forensics
  - http://dfrws.org/2006/proceedings/5-Brinson.pdf
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
  - http://dfrws.org/2006/proceedings/6-Harris.pdf
Papers to Review for November 16
- "Advanced Evidence Collection and Analysis of Web Browser Activity", Junghoon Oh, Seungbong Lee and Sangjin Lee
  - http://www.dfrws.org/2011/proceedings/12-344.pdf
- "Forensic Investigation of Peer-to-Peer File Sharing Network", Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields
  - http://www.dfrws.org/2010/proceedings/2010-311.pdf
- "Android Anti-Forensics Through a Local Paradigm", Alessandro Distefano, Gianluigi Me and Francesco Pace
  - http://www.dfrws.org/2010/proceedings/2010-310.pdf