A note on ethics: Techniques and tools discussed in class are strictly for educational purpose. DO NOT try them on a system/data that you don't own or for which you don't have permission. Otherwise, you might get yourself in serious legal consequences.
WK | Date | Topic | Reading | Notes | Presenter |
1 | 1/27 | Overview and Logistics | slides | Ahmad Almulhem | |
1/29 | Digital Forensics | slides | Ahmad Almulhem | ||
2 | 2/3 | Research in Digital Forensics | K. Nance et al, "Digital Forensics: Defining a research agenda", HICSS'09 S. Garfinkel, "Digital forensics research: The next 10 years", Digital Investigation 2010 |
slides | Ahmad Almulhem |
2/5 | Reading Papers | P. Fong, "Reading a computer science research paper", ACM SIGCSE Bulletin 2009 S. Keshav, "How to Read a Paper", ACM SIGCOMM Computer Communication Review, 2007 "Writing Technical Articles", H. Schulzrinne |
slides | Ahmad Almulhem | |
3 | 2/10 | Investiation Framework | Ieong, Ricci SC. "FORZA - Digital forensics investigation framework that incorporate legal issues." digital investigation 3 (2006): 29-36. | slides | Abdiwahid Ahmed |
2/12 | Windows Forensics | Carvey, Harlan. "The Windows Registry as a forensic resource." Digital Investigation 2.3 (2005): 201-205. | slides | Azzat Ahmed | |
4 | 2/17 | Time and Forensics | Chow, K. P., et al. "The Rules of Time on NTFS File System." Systematic Approaches to Digital Forensic Engineering, 2007. SADFE 2007. Second International Workshop on. IEEE, 2007. Case Study: Boyd, Chris, and Pete Forster. "Time and date issues in forensic computing - a case study." Digital Investigation 1.1 (2004): 18-23. |
slides | Muhammad Naseer |
2/19 | Timeline | Hargreaves, Christopher, and Jonathan Patterson. "An automated timeline reconstruction approach for digital forensic investigations." Digital Investigation 9 (2012): S69-S79. | slides | Manaf Bin Yahya | |
5 | 2/24 | File Carving | Richard III, Golden G., and Vassil Roussev. "Scalpel: A frugal, high performance file carver." Proceedings of the 2005 digital forensics research workshop (DFRWS 2005). 2005. | slides | Muhammad Naseer |
2/26 | File Carving | Veenman, Cor J. "Statistical disk cluster classification for file carving." Information Assurance and Security, 2007. IAS 2007. Third International Symposium on. IEEE, 2007. | slides | Iyad Shaheen | |
6 | 3/3 | Live Forensics | Carrier, Brian D., and Joe Grand. "A hardware-based memory acquisition procedure for digital investigations." Digital Investigation 1.1 (2004): 50-60. | slides | MD Haque |
3/5 | Live Forensics | Hay, Brian, and Kara Nance. "Forensics examination of volatile system data using virtual introspection." ACM SIGOPS Operating Systems Review 42.3 (2008): 74-82. | slides | MD Haque | |
7 | 3/10 | Mobile Forensics | Lessard, Jeff, and Gary Kessler. "Android Forensics: Simplifying Cell Phone Examinations." (2010).Small Scale Digital Device Forensics Journal Vol. 4, No.1, September 2010 | slides | Manaf Bin Yahya |
3/12 | Free Talk | ||||
8 | 3/17 | Project | Proposal Discussion | ||
3/19 | Project | Proposal due | |||
Midterm Vacation | |||||
9 | 3/31 | Project | Related-Work Discussion | ||
4/2 | Project | Related-Work Due | |||
10 | 4/7 | Cloud Forensics | Chung, Hyunji, et al. "Digital forensic investigation of cloud storage services." Digital Investigation (2012). | slides | Abdiwahid Ahmed |
4/9 | Mobile Forensics | Simao, et al. "Acquisition and Analysis of Digital Evidence in Android Smartphones." FORENSIC COMPUTER SCIENCE IJoFCS: 28. | slides | Abubakar Bala | |
11 | 4/14 | Email Investigations | Persaud, Anthony, and Yong Guan. "A Framework for Email Investigations." Advances in Digital Forensics (2005): 79-90. | slides | Abubakar Bala |
4/16 | IM Forensics | Orebaugh, Angela, and Jeremy Allnutt. "Classification of instant messaging communications for forensics analysis." The International Journal of Forensics Computer Science (2009): 22-28. | slides | Azzat Ahmed | |
12 | 4/21 | Anti-Forensics | Casey, Eoghan, and Gerasimos J. Stellatos. "The impact of full disk encryption on digital forensics." ACM SIGOPS Operating Systems Review 42.3 (2008): 93-98. | Iyad Shaheen | |
4/23 | Free Talk | ||||
13 | 4/28 | Project | Status Update discussion | ||
4/30 | Project | Status Update Due | |||
14 | 5/5 | Free Talk | |||
5/7 | Free Talk | ||||
15 | 5/12 | Project | Demo | ||
5/14 | Project | Demo/ Final Paper due |