Northeastern Illinois University
Department of Computer Science

CS362-1 DIGITAL FORENSICS

Instructor: Manar Mohaisen
Email: [email protected]
Office: CBT 146
Office Hours: Tue 4:30-5:30 pm (in-person), Tue/Thu 9:30-10:30 am (online)
Zoom meeting: https://neiu-edu.zoom.us/j/9627000353
Spring 2024, Tuesday 7:05 pm–9:45 pm, LWH 2094

Course description:
Digital forensic science concerns digital data acquisition, recovery, and investigation. This course introduces computer components, storage devices, and file systems. Topics covered include forensic algorithms, operating system artifact analysis, file analysis, network attacks and forensics, Internet artifacts with an emphasis on browser and mail applications, and memory forensics. Students will use tools and create scripts for digital forensic investigation.

Prerequisites: CS-207, CS-355, or CS-360 and ENGL 101 with a minimum grade of C.

Course objectives:
The objectives for this course are divided into three categories:
1) introducing the fundamentals of digital forensics and related computer, security, and cryptographic concepts;
2) introducing several forensics fields, including operating system forensics, network forensics, email and social media forensics, malware forensics, and mobile forensics; and
3) introducing digital forensic tools and hands-on implementation of digital investigation.

Course outcomes:
By the end of this course, students will:
• Understand the fundamental concepts of digital forensics, including chain of custody and the forensic investigation process
• Master basic forensic scripting using Python and fundamental operating system commands
• Understand hard disks, filesystems, and media devices that might contain forensic data
• Be able to perform data acquisition and analysis
• Understand Windows, Linux, and Mac operating system artifacts and be able to collect their forensic data
• Understand fundamental networking concepts, network logging, and log analysis
• Be able to perform network traffic investigation and essential incident response
• Understand email systems, email crimes, and the investigation of email crimes
• Be able to classify types of malware and perform basic static and dynamic malware analysis
• Understand mobile threats and the mobile forensics process
• Demonstrate mastery of writing-to-learn through brainstorming and critical thinking
• Demonstrate mastery of writing-in-the-discipline to generate technical reports in the fields of computer security and digital forensics

Recommended Textbooks:
• Bill Nelson, Amelia Phillips, and Christopher Steuart, Guide to Computer Forensics and Investigations, 6th edition. Cengage Learning, 2019, ISBN-13: 978-1337568944.
• Andre Arnes (editor), Digital Forensics. Wiley, 2018, ISBN-13: 978-1119262381.
• John Sammons, The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2nd edition. Syngress, 2015, ISBN-13: 978-0128016350.
Class webpage:
• D2L: https://neiu.desire2learn.com/

Tentative Brief Content:
• Module 1: Digital Forensics, Forensic Laws, and Investigation Process
• Module 2: Scripting, Linux Command Line, and Hashing
• Module 3: Hard Disks, File Systems, and Media Devices
• Module 4: Data Acquisition, Evidence Collection, and Memory Forensics
• Module 5: Windows Forensics
• Module 6: Linux & Mac Forensics
• Module 7: Network Forensics
• Module 8: Malware Forensics

Tentative course schedule:

Week 1: Digital Forensics, Forensic Laws, and Investigation Process
Topics: Definitions and objectives | Cybercrimes | Federal rules of evidence | Types of investigation | Phases of the investigation process | US laws related to digital forensics | Digital forensic cases

Week 2: Scripting, Linux Command Line, and Hashing
Topics: Python language (language design paradigms; data types: int, float, complex, str, list, dict, set, bytes; functions; basic classes) | Linux (‣ history of Linux and open source systems ‣ Kali Linux ‣ Filesystem Hierarchy Standard ‣ Linux files and file types ‣ fundamental commands ‣ package update/install) | Hashing (‣ cryptographic ‣ non-cryptographic ‣ fuzzy, locality-preserving, and locality-sensitive hashing) | Windows command line and PowerShell (basic commands, file/directory commands, networking commands, drive/partition commands, environment commands, service commands) | Creating virtual machines and networks | File signature analysis | Hiding secrets in images (basic steganography)

Week 3-4: Hard Disks, File Systems, and Media Devices
Topics: Hard Disk Drive (HDD) | Solid-State Drive (SSD) | Disk interfaces | Clusters and slack space | Master Boot Record (MBR) | BIOS Parameter Block (BPB) | Booting process of Windows | Booting process of Linux | File systems | Windows and Linux disk analysis commands

Week 5-6: Data Acquisition, Evidence Collection, and Memory Forensics
Topics: Data acquisition (‣ live acquisition and order of volatility ‣ dead acquisition ‣ logical acquisition ‣ sparse acquisition) | Bitstream imaging (‣ disk-to-image ‣ disk-to-disk) | Data acquisition formats (‣ raw format ‣ proprietary format ‣ Advanced Forensic Format (AFF/AFF4)) | Data acquisition methodology (‣ determine the data acquisition method ‣ determine the data acquisition tool ‣ sanitize the target media ‣ acquire volatile data ‣ enable write protection on the evidence media ‣ acquire non-volatile data ‣ plan for contingency ‣ validate the data acquisition) | Windows and Linux data and memory acquisition and analysis commands

Week 7-10: Windows Forensics
Topics: Collecting volatile information | Collecting non-volatile information | Memory analysis | Windows registry analysis | Web browser artifacts: cache, cookies, and history analysis | Windows file analysis | Metadata investigation | Event log analysis | Process analysis | Print spool analysis | Crash dump analysis | RAM acquisition | Windows forensics using Python

Week 11-13: Linux Forensics
Topics: Linux file structure and essential files/directories | Linux firewall and services | Collecting Linux volatile data | Collecting Linux non-volatile data | Linux filesystem image analysis | Linux memory forensics | Linux auditing system | Linux security auditing | Linux information gathering and fingerprinting | Digital forensic platforms (Autopsy and The Sleuth Kit) | Investigating evidence from system logs

Week 14: Network Forensics
Topics: Networking basics (‣ ISO/OSI model and TCP/IP protocol suite ‣ protocols and addressing (‣ ARP ‣ IPv4 ‣ IPv6 ‣ ICMP ‣ TCP ‣ UDP ‣ NAT ‣ DNS ‣ DHCP)) | Network components (‣ hub ‣ switch ‣ bridge ‣ router ‣ firewall ‣ DMZ) | Network attacks (‣ wired network attacks ‣ wireless network attacks ‣ indicators of compromise (IoC) ‣ collecting network-based evidence) | Network logging | Event correlation (‣ event correlation steps ‣ types of event correlation ‣ event correlation approaches) | Analyzing network logs | Network traffic investigation (‣ network sniffing ‣ traffic analysis for attack attempts)

Week 15: Malware Forensics
Topics: Definitions | Types of malware | Malware spreading | Components of malware (‣ crypter ‣ downloader ‣ dropper ‣ exploit ‣ injector ‣ obfuscator ‣ packer ‣ payload ‣ malicious code) | Portable Executable (PE) file format | Types of malware analysis (‣ static ‣ dynamic) | Static analysis using Linux commands and Python | Introduction to malware analysis

Week 16: Final Exam or Project Presentations

Laboratory & reports:
We will have 15 lab sessions. Attending the labs is mandatory. Students should submit a report within one week of each lab session. The report should include a 150-200 word non-technical summary of the lab and a technical report of the results of performing the lab in class under the supervision of the professor. The report should consist of at least four (4) A4 pages, single-spaced, in font size 12. You may finalize the lab after the lab session. The report with the lowest score will be dropped.

Grading policy:
Your course grade will be the weighted average of the following.

Category                                   Weight
Project (*)                                20%
Laboratories & reports                     70%
Attendance, participation & integrity      10%

Percentage      Grade
[90, 100]       A
[80, 90[        B
[70, 80[        C
[60, 70[        D
[0, 60[         F

(*) Students may work in groups of up to 3 students. Projects will be assigned 4 weeks before the final presentation date.

Available resources:
• Office hours: Office hours will be in-person or via Zoom (check the list of office hours at the top of the first page of the syllabus).
• Appointments: You can always ask for a one-on-one meeting if the regular office hours overlap with your other classes or your work schedule, or if you need more time to discuss the material with the instructor.
• E-mail: You can ask as many questions as you wish through email.
I reply within 48 hours from the time I receive your email. I may offer you a one-on-one meeting to discuss your questions if necessary.

Course General Policies

AI Policy:
ChatGPT, Bard, or any similar model is strictly prohibited during the completion of homework assignments and examinations for this course. These assessments are designed to evaluate individual understanding, critical thinking skills, and the application of course concepts. External assistance undermines the purpose of these evaluations and compromises the integrity of the learning process. Students must depend on their own knowledge, skills, and efforts to demonstrate their understanding of the course material. Students' commitment to upholding the principles of academic integrity is essential for the fair evaluation and successful learning experience of all participants in this course. Violating any element of this policy will be considered plagiarism and will be addressed accordingly.

Phone, Tablet, and Laptop Use Policy:
• These devices should be used for educational purposes only, including taking notes and checking course materials.
• Avoid using any of these devices for texting, making or receiving calls, or visiting social media websites during class.
• If there is an emergency and you deem it urgent to receive a call or respond to a message, you may leave the classroom for a brief period to do so.
• Any violation will result in the loss of "attendance, participation & integrity" points.

Attendance: Attendance is mandatory.

Plagiarism: The first plagiarism occurrence will mean an F for the submitted work. The second occurrence will mean an F in the course.

Academic Integrity Policy: By enrolling in this course, you are bound by the NEIU Student Code of Conduct: http://www.neiu.edu/university-life/student-rights-and-responsibilities/student-code-conduct. You will be informed by your instructor of any additional policy specific to your course regarding plagiarism, class disruptions, etc.

ADA Statement: Northeastern Illinois University (NEIU) complies with the Americans with Disabilities Act (ADA) in making reasonable accommodations for qualified students with disabilities. To request accommodations, students with special needs should make arrangements with the Student Disability Services (SDS) office, located on the main campus in room D104. Contact SDS via (773) 442-4595 or http://www.neiu.edu/university-life/student-disability-services.

Campus Safety: Emergency procedures and safety information can be found at neiu.edu/police. Download the CampusShield app on Google Play or the App Store for enhanced public safety services, including emergency text notifications via Northeastern's N-Safe system.