CS 798 - Digital Forensics and Incident Response - Winter 2024

Schedule & Reading List

- Lecture slides will be released after each corresponding lecture.
Introduction
Lecture 1 - Introduction to the course (Jan. 9th) Textbook Chapters / Reading Materials Lecture Slides
1 [Casey] Lec. 1 slides
Digital Investigation
Lecture 2 - Legal Framework (Jan. 11th) Textbook Chapters / Reading Materials Lecture Slides
2, 3 [Casey] Lec. 2 slides
Lecture 3 - The Digital Investigation Process (Jan. 16th) Textbook Chapters / Reading Materials Lecture Slides
6, 8.1.1 [Casey] Lec. 3 slides
Lecture 4 - First Response and Evidence Acquisition (Jan. 18th) Textbook Chapters / Reading Materials Lecture Slides
Group formations due
7, 15.3, 16.4, 22.3 [Casey]
16 [Luttgens]
Lec. 4 slides
File System Forensics
Lecture 5 - File Forensics (Jan. 23rd) Textbook Chapters / Reading Materials Lecture Slides
Assignment 1 released
2.1 [Carrier] Lec. 5 slides
Lecture 6 - Steganography and Watermarking (Jan. 25th) Textbook Chapters / Reading Materials Lecture Slides
1, 2.2-2.3, 3.1-3.2 [Johnson] Lec. 6 slides
Lecture 7 - Storage and Volume Analysis (Jan. 30th) Textbook Chapters / Reading Materials Lecture Slides
3, 4 [Carrier]
8 [Luttgens]
Lec. 7 slides
Lecture 8 - File System Analysis (Feb. 1st) Textbook Chapters / Reading Materials Lecture Slides
8 [Carrier]
Lec. 8 slides
Lecture 9 - Deleted File Recovery and File Carving (Feb. 6th) Textbook Chapters / Reading Materials Lecture Slides
15.3.1 [Casey]
8.7 [Carrier]
Lec. 9 slides
OS, Network, and Memory Forensics
Lecture 10 - Evidence in Operating Systems (Feb. 8th) Textbook Chapters / Reading Materials Lecture Slides
12.2-12.6 [Luttgens] Lec. 10 slides
Lecture 11 - Web, Email and IM Forensics (Feb. 13th) Textbook Chapters / Reading Materials Lecture Slides
23.1, 23.2, 23.5 [Casey]
14.4-14.6 [Luttgens]
Lec. 11 slides
Lecture 12 - Network Traffic Analysis (Feb. 15th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 1 due
Assignment 2 released
24.4, 24.5 [Casey]
9.4 [Luttgens]
Lec. 12 slides
Reading Week
No Lecture (Feb. 20th)
No Lecture (Feb. 22nd)
Conference Travel
No Lecture (Feb. 27th)
No Lecture (Feb. 29th)
OS, Network, and Memory Forensics (cont.)
Lecture 13 - Covert Channels and Traffic Obfuscation (Mar. 5th) Textbook Chapters / Reading Materials Lecture Slides
2, 3, 5, 7 [Mazurczyk]
Appendix A [Johnson]
Lec. 13 slides
Lecture 14 - Digital Stratigraphy & Memory Forensics (Mar. 7th) Textbook Chapters / Reading Materials Lecture Slides
13.3, 16.6, 17.1.2-4 [Casey]
11-12 [Carrier]
7.5, 7.6, 12.1, 12.7 [Luttgens]
Lec. 14 slides
Anti-Forensics
Lecture 15 - Stealthy Malware (Mar. 12th) Textbook Chapters / Reading Materials Lecture Slides
13.5 [Casey]
15 [Luttgens]
Lec. 15 slides
Lecture 16 - Anonymous Communication and P2P File Sharing (Mar. 14th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 2 due
Assignment 3 released
23.3-4 [Casey]
Levine et al., CCS'20
Lopes et al., NDSS'24
Lec. 16 slides
Lecture 17 - Cryptocurrencies (Mar. 19th) Textbook Chapters / Reading Materials Lecture Slides
Nakamoto, 2008
Meiklejohn et al., IMC'13
Amarasinghe et al., ACSW'19
Lec. 17 slides
Lecture 18 - Residue-Free Computing (Mar. 21st) Textbook Chapters / Reading Materials Lecture Slides
Casey et al., Digital Investigation'11
Chen et al., PoPETs'22
Arkema and Sherr, PoPETs'21
Lec. 18 slides
Mobile/Cloud Forensics
Lecture 19 - Mobile Forensics (Mar. 26th) Textbook Chapters / Reading Materials Lecture Slides
1, 8-9 [Tamma] Lec. 19 slides
Lecture 20 - Cloud Forensics (Mar. 28th) Textbook Chapters / Reading Materials Lecture Slides
1-2, 7 [Quick]
Incident Response
Lecture 21 - Pre-Incident Preparation (Apr. 2nd) Textbook Chapters / Reading Materials Lecture Slides
1, 2, 3 [Luttgens]
Lecture 22 - Incident Handling and Remediation (Apr. 4th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 3 due
4-6, 17 [Luttgens]