Overview

Welcome: In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs and values expressed by students and staff involved in this course. My colleagues and I support UMass’s commitment to diversity, and welcome individuals regardless of age, background, citizenship, disability, sex, education, ethnicity, family status, gender, gender identity, geographical origin, language, military experience, political views, race, religion, sexual orientation, socioeconomic status, and work experience.

Course description: The goal of forensics is to gather artifacts for refinement into evidence that supports or refutes a hypothesis about an alleged crime or policy violation. Done correctly, forensics represents the application of science to law. The techniques can also be abused to thwart privacy. This course is a broad introduction to forensic investigation of digital information and devices. We will cover the acquisition, analysis, and courtroom presentation of information from file systems, operating systems, networks, cell phones, and the like. Students do not need experience with these systems. We will review the use of some professional tools that automate data harvesting, however, the primary goal of the class is to understand why and from where artifacts are recoverable in these systems. Several assignments involve coding forensic tools from scratch. For a small portion of the class, we will cover some relevant issues from the law, privacy, and current events. Thus, the class serves the well-rounded student who is eager to participate in class discussion on a variety of technical and social issues.

Who is this course for? Undergraduates COMPSCI majors with a strong technical background (COMPSCI 220 or 230) and an interest understanding the technical aspects of digital forensics. This course counts as a COMPSCI elective toward the major (B.S. or B.A.). Graduate students who enroll in 590F will also find the material topical to their program of study and to their professional development. They should expect to cover more of the details, both technical and legal, than the undergraduates enrolled in 365.

Prerequisites: For undergraduates: COMPSCI 220 or COMPSCI 230. CS majors only (others will need to request an override). For CS graduate students: no formal prerequisites, but note that 500-level courses do not fulfill Ph.D. requirements; M.S. and M.S./Ph.D. may use this course in accordance with their degree requirements.

Instructor:
Marc Liberatore
Email: liberato@cs.umass.edu
Phone: 413-545-3061 (on campus: 5-3061)
Office: Computer Science Building, room 318
Office hours: Wednesday 11–1

Teaching Assistant:
Hadi Zolfaghari
Email: hadi@cs.umass.edu
Office hours: Computer Science Building, room 207, Wed 1–2, Thu 1–2

Online questions and answers:
We will be using Piazza for questions and answers. Our course Piazza page is at https://piazza.com/umass/spring2017/compsci365590f/home.

Class meetings: Morrill I, room N375, TuTh 10:00–11:15am.

Materials: There is one required textbook for this class from which many readings will be assigned: Brian Carrier’s File System Forensic Analysis. Most other readings will be provided by the instructor through this site or be available online free through the UMass Library (when logged in or on a campus network).