CS 798 - Digital Forensics and Incident Response - Winter 2025

Schedule & Reading List

- Lecture slides will be released shortly before each corresponding lecture.
Introduction
Lecture 1 - Introduction to the course (Jan. 6th) Textbook Chapters / Reading Materials Lecture Slides
1 [Casey] Lec. 1 slides
Digital Investigation
Lecture 2 - Legal Framework (Jan. 8th) Textbook Chapters / Reading Materials Lecture Slides
2, 3 [Casey] Lec. 2 slides
Lecture 3 - The Digital Investigation Process (Jan. 13th) Textbook Chapters / Reading Materials Lecture Slides
6, 8.1.1 [Casey] Lec. 3 slides
Lecture 4 - First Response and Evidence Acquisition (Jan. 15th) Textbook Chapters / Reading Materials Lecture Slides
Group formations due 7, 15.3, 16.4, 22.3 [Casey]
16 [Luttgens] 		Lec. 4 slides
File System Forensics
Lecture 5 - File Forensics (Jan. 20th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 1 released 2.1 [Carrier] Lec. 5 slides
Lecture 6 - Steganography and Watermarking (Jan. 22nd) Textbook Chapters / Reading Materials Lecture Slides
1, 2.2-2.3, 3.1-3.2 [Johnson] Lec. 6 slides
Lecture 7 - Storage and Volume Analysis (Jan. 27th) Textbook Chapters / Reading Materials Lecture Slides
3, 4 [Carrier]
8 [Luttgens]		 Lec. 7 slides
Lecture 8 - File System Analysis (Jan. 29th) Textbook Chapters / Reading Materials Lecture Slides
8 [Carrier]
 Lec. 8 slides
Lecture 9 - Deleted File Recovery and File Carving (Feb. 3rd) Textbook Chapters / Reading Materials Lecture Slides
15.3.1 [Casey]
8.7 [Carrier] 		Lec. 9 slides
OS, Network, and Memory Forensics
Lecture 10 - Evidence in Operating Systems (Feb. 5th) Textbook Chapters / Reading Materials Lecture Slides
12.2-12.6 [Luttgens] Lec. 10 slides
Lecture 11 - Web, Email and IM Forensics (Feb. 10th) Textbook Chapters / Reading Materials Lecture Slides
23.1, 23.2, 23.5 [Casey]
14.4-14.6 [Luttgens]		 Lec. 11 slides
Lecture 12 - Network Traffic Analysis (Feb. 12th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 1 due
Assignment 2 released		 24.4, 24.5 [Casey]
9.4 [Luttgens]		 Lec. 12 slides
Reading Week
No Lecture (Feb. 17th)
No Lecture (Feb. 19th)
OS, Network, and Memory Forensics (cont.)
Lecture 13 - Covert Channels and Traffic Obfuscation (Feb. 24th) Textbook Chapters / Reading Materials Lecture Slides
2, 3, 5, 7 [Mazurczyk]
Appendix A [Johnson]		 Lec. 13 slides
Lecture 14 - Digital Stratigraphy & Memory Forensics (Feb. 26th) Textbook Chapters / Reading Materials Lecture Slides
13.3, 16.6, 17.1.2--4 [Casey]
11--12 [Carrier]
7.5, 7.6, 12.1, 12.7 [Luttgens]		 Lec. 14 slides
Anti-Forensics
Lecture 15 - Stealthy Malware (Mar. 3rd) Textbook Chapters / Reading Materials Lecture Slides
13.5 [Casey]
15 [Luttgens]		 Lec. 15 slides
Invited Talk (Mar. 5th)
Lecture 16 - Anonymous Communication and P2P File Sharing (Mar. 10th) Textbook Chapters / Reading Materials Lecture Slides
23.3--4 [Casey] Lec. 16 slides
Levine et al., CCS'20
Lopes et al., NDSS'24
Lecture 17 - Cryptocurrencies (Mar. 12th) Textbook Chapters / Reading Materials Lecture Slides
Assignment 2 due
Assignment 3 released		 Nakamoto, 2008 Lec. 17 slides
Meiklejohn et al., IMC'13
Amarasinghe et al., ACSW'19
Lecture 18 - Residue-Free Computing (Mar. 17th) Textbook Chapters / Reading Materials Lecture Slides
Casey et al., Digital Investigation'11 Lec. 18 slides
Chen et al., PoPETs'22
Arkema and Sherr, PoPETs'21
Mobile/Cloud Forensics
Lecture 19 - Mobile Forensics (Mar. 19th) Textbook Chapters / Reading Materials Lecture Slides
1, 8-9 [Tamma] Lec. 19 slides
Lecture 20 - Cloud Forensics (Mar. 24th) Textbook Chapters / Reading Materials Lecture Slides
1-2, 7 [Quick] Lec. 20 slides
Incident Response
Lecture 21 - Pre-Incident Preparation (Mar. 26th) Textbook Chapters / Reading Materials Lecture Slides
1, 2, 3 [Luttgens] Lec. 21 slides
Lecture 22 - Incident Handling and Remediation (Mar. 31st) Textbook Chapters / Reading Materials Lecture Slides
4-6, 17 [Luttgens] Lec. 22 slides
Lecture 23 - DFIR playground demo (Apr. 2nd) Textbook Chapters / Reading Materials Lecture Slides
Assignment 3 due