Transcript Example: Data Mining for the NBA - The University of Texas at Dallas

Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 24, 2011
Outline of the Unit
 Objective of the Course
 Outline of the Course
 Course Work
 Course Rules
 Contact
- Text Book: Guide to Computer Forensics and Investigations
- Latest Edition
- Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher
Steuart
- Thompson Course Technology
Objective of the Course
 The course describes concepts, developments, challenges, and
directions in Digital Forensics.
 Text Book: Computer Forensics and Investigations. Bill Nelson et al,
 Topics include:
- Digital forensics fundamentals, systems and tools, Digital
forensics evidence and capture, Digital forensics analysis,
Outline of the Course
 Introduction to Data and Applications Security and Digital
Forensics
 SECTION 1: Computer Forensics
 Part I: Background on Information Security
 Part II: Computer Forensics Overview
- Chapters 1, 2, 3, 4, 5
 Part III: Computer Forensics Tools
Chapters 6, 7, 8
 Part IV: Computer Forensics Analysis
- Chapters 9, 10
 Part V Applications
Chapters 11, 12, 13
-
-
Outline of the Course
 Part VI: Expert Witness
- Chapters 14, 15, 16
 SECTION II
- Selected Papers
- Digital Forensics Research Workshop
 Guest Lectures
- Richardson Police Department
- North Texas FBI
- Digital Forensics Company in DFW area
Course Work
 Two exams each worth 20 points
- Exam #1: October 19
- Exam #2: As scheduled; December 9
 Programming project worth 10 points: December 5
 Four homework assignments worth 8 points each
- Assignment #1: October 5
- Assignment #2: November 28
 Term paper 8 points: November 17
 Digital Forensics Project 10 points: Done
 Total 84 points
Term Paper Outline
 Abstract
 Introduction
 Analyze algorithms, Survey, - -  Give your opinions
 Summary/Conclusions
Programming/Digital Forensics Projects –
 Encase evaluation
 Develop a system/simulation related to digital forensics
- Intrusion detection
- Ontology management for digital forensics
- Representing digital evidence in XML
- Search for certain key words
Term Paper Outline
 Abstract
 Introduction
 Analyze algorithms, Survey, - -  Give your opinions
 Summary/Conclusions
Term Paper Outline
 Abstract
 Introduction
 Analyze algorithms, Survey, - -  Give your opinions
 Summary/Conclusions
Index to Lectures
 Lecture 1: August 24, 2011: An introduction to digital
forensics was discussed
 Lecture 2: August 29, 2011: Intro to data mining
 Lecture 3: August 31, 2011: Cyber security overview
 Lecture 4: September 7, 2011: Computer Forensics Data
Recovery and Evidence Collection and Preservation
 Lecture 5: Sept 12, 2011: Data Mining for Malware Detection
 Lecture 6: Sept 14. 2011: Data Acquisition, Processing Crime
Scenes and Digital Forensics Analysis
 Lecture 7: September 19, 2011: File Systems and File
Forensics
 Lecture 8: Sept 21, Stream-based novel class detection
Index to Lectures
 Lecture 9: Sept 21, 2011: Encase Overview
 Lecture 9/10: Sept 26, 2011: Complete file system forensics
and start lecture 10 – network forensics
 Lecture 10 Sept 28, 2011: Network and application forensics
(continues)
 Lecture 11: Oct 3, 2011: Expert witness and report writing
 Lecture 12: October 5, 2011: Validation and Recovering
Graphic Files and
 Lecture 13: October 10, 2011: Malware
 Lecture 14: October 12 Honeypots
 Topics for Exam #2 Starts Here
 Oct 17: Lecture 15: Secure sharing of digital evidene: XML
publishing (will be included in Exam #2) (1)
 Oct 19: Exam #1 (no lectures)
Index to Lectures for Exam 2
 October 24: Continued with Lecture 15
 October 26: Lecture 16: Papers: Database tampering (2)
 Oct 31: Lecture 17: Physical Storage Analysis (Prof. Lin) (3)
 Nov 2: Lecture 18 Papers; Intelligent Digital Forensics (4)
 Nov 7: Lecture 19: Image annotation, Guest lecture (ext. cred)
 November 9: Lecture 20: Papers, Evidence Correlation (5)
 Nov 14: Lecture 21 Insider threat detection, Guest lect. (6)
 November 16: Lecture 22: Papers: Framework for DF (7)
 November 21: Lecture 23: Guest. Practical aspects, Saylor
 November 23: Review, no lectures posted
 November 28: Lecture 24: Cyber Forensics (8)
 Nov 30: Lect 25: Papers discussed (see Intro unit) (9 and 10)
 December 5: Lecture 26 (not included in exam)
Course Rules
 Unless special permission is obtained from the instructor, each
student will work individually
 Copying material from other sources will not be permitted unless the
source is properly referenced
 Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department
Contact
 For more information please contact
-
Dr. Bhavani Thuraisingham
-
Phone: 972-883-4738
Professor of Computer Science and
Director of Cyber Security Research Center Erik Jonsson School of
Engineering and Computer Science EC31, The University of Texas at
Dallas Richardson, TX 75080
Fax: 972-883-2399
Email: [email protected]
http://www.utdallas.edu/~bxt043000/
Papers to Read for October 26, 2011
 http://www.cs.arizona.edu/people/rts/publications.html#auditing
 Richard T. Snodgrass, Stanley Yao and Christian Collberg,
"Tamper Detection in Audit Logs," In Proceedings of the
International Conference on Very Large Databases, Toronto,
Canada, August–September 2004, pp. 504–515.
Tamper Detection in Audit Logs
 Did the problem occur? (e.g. similar to intrusion
detection)
 Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of
Database Tampering," in Proceedings of the ACM SIGMOD
International Conference on Management of Data (SIGMOD),
pages 109-120, Chicago, June, 2006.
 Who caused the problem (e.g., similar to digital
forensics analysis)
-
Papers to Read for November 2
 . Papers on Intelligent Digital Forensics
 http://dfrws.org/2006/proceedings/7-Alink.pdf
 XIRAF – XML-based indexing and querying for digital forensics
http://dfrws.org/2006/proceedings/8-Turner.pdf
 Selective and intelligent imaging using digital evidence bags
 http://dfrws.org/2006/proceedings/9-Lee.pdf
 Detecting false captioning using common-sense reasoning
Papers to Read for November 9
 Forensic feature extraction and cross-drive analysis
- http://dfrws.org/2006/proceedings/10-Garfinkel.pdf
 A correlation method for establishing provenance of timestamps in
digital evidence
http://dfrws.org/2006/proceedings/13-%20Schatz.pdf
-
Papers to Review for November 16
 FORZA – Digital forensics investigation framework that incorporate
legal issues
- http://dfrws.org/2006/proceedings/4-Ieong.pdf
 A cyber forensics ontology: Creating a new approach to studying
cyber forensics
- http://dfrws.org/2006/proceedings/5-Brinson.pdf
 Arriving at an anti-forensics consensus: Examining how to define
and control the anti-forensics problem
- http://dfrws.org/2006/proceedings/6-Harris.pdf
Papers to Review for November 30
 OPTIONAL PAPER NOT INCLUDED IN EXAM: Advanced
Evidence Collection and Analysis of Web Browser Activity",
Junghoon Oh, Seungbong Lee and Sangjin Lee
http://www.dfrws.org/2011/proceedings/12-344.pdf
 Forensic Investigation of Peer-to-Peer File Sharing Network.
Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore
and Clay Shields.
http://www.dfrws.org/2010/proceedings/2010-311.pdf
 Android Anti-Forensics Through a Local Paradigm.
Alessandro Distefano, Gianluigi Me and Francesco Pace.
http://www.dfrws.org/2010/proceedings/2010-310.pdf
Paper to read for for Lecture 15
 Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M.
Thuraisingham, Amar Gupta: Selective and Authentic ThirdParty Distribution of XML Documents. IEEE Trans. Knowl.
Data Eng. 16(10): 1263-1278 (2004)