CS 525 – Special Topics in Digital Forensics

Fall 2015

 

Instructor: Dr. Suzanne Mello-Stark

Office Location: Fuller Hall 21B

Telephone: 508-831-5687

Email: simellostark@cs.wpi.edu (best way to reach me)

My website: http://www.cs.wpi.edu/simellostark

Office Hours: Tuesday and Thursday 1:00-2:00 pm or by appointment

Class Days/Times: Tuesday and Thursday 4:00-5:20

Classroom: Salisbury Labs 407

Prerequisites: Graduate/undergraduate course in security or equivalent experience

Course Description

 This course examines forensic science techniques and explores ways in which to apply them to the discovery, collection and analysis of digital evidence.  Students practice extracting data from computer hardware, operating systems, networks and/or mobile devices.  This class also delves into the legal considerations surrounding digital forensic investigations.  Topics include studying how to document forensic procedures and providing expert testimony.  This class requires students to engage in current research and a course project that further develops these themes.   Students from all departments are welcome.  (Prerequisites: a graduate or undergraduate course in security or equivalent experience.) (3 credits)

 

Learning Outcomes

Upon successful completion of this course, students will be able to:

· Summarize the basic principles of digital forensics

· Summarize the important laws regarding digital forensics

· Understand the importance of maintaining the integrity of evidence

· Describe the proper approach for data acquisition and analysis while protecting evidence

· Demonstrate the use of various digital forensic tools

· Demonstrate the ability to accurately document forensic procedures and report the results

· Demonstrate the ability to conduct research in a related topic

Software

We will be using various forensic tools throughout the course.  Students are expected to be resourceful and learn the technologies necessary on their own.  For example, it may be necessary to use a virtual machine if you don’t have access to a tool/operating system native on your personal computer.

 

Required Text

 

Digital Archaeology – The Art and Science of Digital Forensics, Michael W. Graves, Addison-Wesley, 2014.  ISBN 978-0-321-80390-0

 

Recommended Text

 

COMPTIA A+ Certification Exam Guide, Michael Meyers, Scott Jernigan, McGraw Hill, 8th Edition, 2012  ISBN 978-0-071-79512-8

 

Course Web Site

 

You can find the course website by logging in to blackboard.wpi.edu.

 

Assignments and Grading Policy

Readings and homework assignments are assigned most weeks. If an assignment is not turned in on time, 10% will be taken off for each day it is late. Assignments will not be accepted more than a week late.

In a graduate-level course, students are expected to participate and often lead the class. Research papers will be assigned and presented. There will be two exams during the term and a final research project. If a student must miss an exam, the instructor must be told in advance and arrangements must be made to take the exam as soon as possible. If you miss a class, you are responsible for getting the material covered from a fellow classmate. Back up your work frequently! Computer failure or data loss will not excuse you from doing the assignments.

In-Class Participation and Preparation: 10%

Homework Assignments: 30%

Two Exams: 30%

Topical Paper and Presentation: 10%

Final Research Project: 20%

 

 

Tentative Course Schedule (dates are subject to change)

Week  Date             Topics
1     Aug 27-Aug 28    No Classes this week – Thursday, Aug 27th operates on a Monday schedule.
2     Aug 31-Sept 4    Understanding Digital Forensics Investigations; The Laws Affecting Digital Forensics
3     Sept 7-Sept 11   Search Warrants and Subpoenas/What makes Evidence Admissible?/Privacy Concerns
4     Sept 14-18       Proper Data Acquisition Techniques (hashing and bit-for-bit copy techniques for media, memory and running processes)
5     Sept 21-25       Analyzing Hard Drives/Recovering Lost Files
6     Sept 28-Oct 2    Document analysis, Metadata
7     Oct 5-9          Email Investigations – An approach to email analysis
8     Oct 12-16        Expert Witness Testimony and Good Report Writing; Oct 15 - Exam 1
9     Oct 19-23        Fall Recess
10    Oct 26-31        Classic and Modern Cryptography
11    Nov 2-6          Steganography and the analysis of graphic files
12    Nov 9-13         Web Forensics
13    Nov 16-20        Excavating a Cloud; Nov 19 - Exam 2
14    Nov 23-27        Thanksgiving Recess (only Monday Classes meet)
15    Nov 30-Dec 4     Performing Network Analysis
16    Dec 7-11         Mobile Forensics
17    Dec 14-18        Student Final Research Project Presentations

 The above schedule, policies, procedures, and assignments are subject to change in the event of extenuating circumstances, by mutual agreement, and/or to ensure better student learning.

 

 

Homework Assignments

 

Homework assignments will be assigned to practice with various forensic tools and techniques at your own pace.  You will also be expected to practice your report writing skills.  Rubrics will be given for each assignment.

 

Topical Paper and Presentation

 

During the term, each student will research an emergent digital forensics topic, write a brief paper (5 pages), and give a short presentation (20 minutes) on the topic. The time and date of the presentation/paper and the rubric will be discussed at the beginning of the term.

 

Final Research Project

 

Working individually or in small groups, we will choose new forensic tools/techniques we are interested in exploring.  Students will research and give a demonstration of the tool and its usefulness in the last week of the class.   At midterm, projects will require a statement of work containing the problem being addressed, a proposed deliverable and basic approach.  If a group project is chosen, the team members and their roles will also be described.   A complete rubric will be discussed during the term. 

 

University Course Policies

 

Academic Integrity

 

All work submitted for credit must be your own. Plagiarism is cheating and will be dealt with accordingly. You may not share your solutions to homework questions with others. Review WPI’s Academic Honesty Policies at: http://www.wpi.edu/Pubs/Policies/Honesty/policy.html

 

Student Disability Services

 

If you need course adaptations or accommodations because of a disability, or if you have medical information to share with me, please make an appointment with me as soon as possible. If you have not already done so, students with disabilities who believe that they may need accommodations in this class are encouraged to contact the Office of Disability Services as soon as possible to ensure that such accommodations are implemented in a timely fashion. This office is located in the West St. House (157 West St), (508) 831.4908.

 

A Special Statement Concerning Ethics

 

Tools and programs that can be used to retrieve data from hard drives and networks should only be used in an ethical, professional and legal manner. This means that they should only be used to examine your personal hard drives/networks or systems for which you have explicit written consent from the owner. The knowledge presented in this course is in no way intended for use in any illegal capacity and is meant to aid learning and development of digital forensics practices and concepts only.