A note on ethics: Techniques and tools discussed in class are strictly for educational purpose. DO NOT try them on a system/data that you don't own or for which you don't have permission. Otherwise, you might get yourself in serious legal consequences.
WK | Date | Topic | Reading | Notes | Presenter |
1 | 9/2 | Overview and Logistics | slides | Ahmad Almulhem | |
9/4 | Digital Forensics | slides | Ahmad Almulhem | ||
2 | 9/9 | Research in Digital Forensics | "Digital Forensics: Defining a research agenda", K. Nance et al, HICSS'09 "Digital forensics research: The next 10 years", S. Garfinkel, Digital Investigation 2010 |
slides1, slides2 | Ahmad Almulhem |
9/11 | Reading Papers | "Reading a computer science research paper", P. Fong, ACM SIGCSE Bulletin 2009 "How to Read a Paper", S. Keshav, ACM SIGCOMM Computer Communication Review, 2007 "Writing Technical Articles", H. Schulzrinne |
slides | Ahmad Almulhem | |
3 | 9/16 | Multimedia Forensics | "Forensics Investigations of Multimedia Data: A Review of the State-of-the-Art", R. Poisel, IMF 2011 | slides1, slides2 |
Muhammad Qureshi |
9/18 | Image Forgery | "A robust detection algorithm for copy-move forgery in digital images", Y. Cao, Forensic science international 2011 Optional Reading: "Image Forgery Detection", H. Farid, IEEE signal processing magazine 2009 |
slides1, slides2 |
Issam Laradji | |
4 | 9/23 | National Holiday (No Class) | |||
9/25 | Gender Identification | "Author gender identification from text", N. Cheng et al, Digital Investigation 2011 | slides | Elhebri Khiari | |
5 | 9/30 | File Carving | "The evolution of file carving", A. Pal et al, IEEE Signal Processing Magazine 2009 | slides | Muhammad Butt |
10/2 | File Carving | "Carving contiguous and fragmented files with fast object validation", S. Garfinkel, DFRWS 2007 | slides | Faizuddin Mohammad | |
6 | 10/7 | File Carving | "Using NLP Techniques for File Fragment Classification", S. Fitzgerald et al, DFRWS 2012 | slides1, slides2 | Allam Fatayer |
10/9 | File Carving | "Bin-Carver: Automatic Recovery of Binary Executable Files", S. Hand et al, DFRWS 2012 | slides1, slides2 | Mohammed Siddiqui | |
7 | 10/14 | Project | Proposal Discussion (bring 3 topics/papers to discuss) | ||
10/16 | Project | Proposal due (15 min presentation in class + write-up) | |||
Eid Break | |||||
8 | 11/4 | Live Forensics | "A survey of main memory acquisition and analysis techniques for the windows operating system", S. Vomel, Digital Investigation 2011 Optional Reading: "Forensic physical memory analysis: an overview of tools and techniques", G. Garcia, Helsinki University 2007 |
slides | Faizuddin Mohammad |
11/6 | Live Forensic (introspection) | "Forensics examination of volatile system data using virtual introspection", B. Hay, ACM SIGOPS Operating Systems Review 2008 | slides | Allam Fatayer | |
9 | 11/11 | Project | Related-Work Discussion | ||
11/13 | Project | Related-Work Due (15 min presentation in class + write-up) | |||
10 | 11/18 | Network Forensics | "Forensic Investigation of Peer-to-Peer File Sharing Network", M. Liberatore et al, DFRWS 2010 | slides1, slides2 | Danish Sattar |
11/20 | Network Forensics (Packet Carving) | "Forensic Carving of Network Packets and Associated Data Structures", R. Beverly et al, DFRWS 2012 | slides | Ibrahim BenDaya | |
11 | 11/25 | Mobile Forensic | "Towards a General Collection Methodology for Android Devices", T. Vidas, DFRWS 2011 Optional Reading: "Forensics and the GSM mobile telephone system", S. Willassen, International Journal of Digital Evidence 2003 |
slides1, slides2 | Muhammad Qureshi |
11/27 | Mobile Forensic | "Social Networking Applications on Mobile Devices", N. Mutawa et al, DFRWS 2012 | slides1, slides2 | Elhebri Khiari | |
12 | 12/2 | High Performance Forensics | "Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools", L. Marziale et al, DFRWS 2007 | slides1, slides2 | Muhammad Butt |
12/4 | Software Forensics | "Software Forensics: Extending Authorship Analysis Techniques to Computer Programs", A. Gray et al, IAFL 1997 | slides | Mohammed Siddiqui | |
13 | 12/9 | Project | Status Update discussion | ||
12/11 | Project | Status Update Due (15 min presentation in class + 1st draft) | |||
14 | 12/16 | Differential Forensic | "A General Strategy for Differential Forensic Analysis", S. Garfinkel et al, DFRWS 2012 | slides1, slides2 | Issam Laradji |
12/18 | Large Scale Forensics | "Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus", S. Garfinkel, DFRWS 2012 | slides | Danish Sattar | |
15 | 12/23 | Project | Final Presentations | ||
12/25 | Project | Final Presentations/ Final Paper due | |||
16 | 12/29 | Review |