12: THD, Phone Forensics, Image Analysis

  1. (10 points) Define the “Trojan Horse defense” in terms of “actus reus” and “mens rea”.

  2. (10 points) List two methods of countering the Trojan Horse defense that can be performed by law enforcement during the execution of a search warrant and/or interview.

  3. (20 points) Garfinkel et al.’s article on small block forensics is motivated by four main reasons. They state at the start of the article, “there is a growing need for automated techniques and tools that operate on bulk data, and specifically on bulk data at the block level.” What are these reasons?

  4. (15 points) The “small block forensics” approach proposed by Garfinkel et al. includes the use of sampling from a drive to find files already known to be of interest. Suppose you’ve recently acquired 160TiB (that is, 160 * 240 bytes) of data, and you are looking for any portion of 512GiB (512 * 230 bytes) of files that you know to be of interest. How many 4096 byte samples (uniform, at random, without replacement) would you expect to have to take from the drive such that the probability of failing to find even one of the files of interest is less than 0.01% (that is, p < 0.0001)? Make the simplifying assumption that all files are located at 4096 byte offsets.

    You can find the answer entirely analytically. Show your work for possible partial credit. If you write a (short!) program to aid you, include its source for possible partial credit. In either case, if the grader is unable to understand your approach, do not expect partial credit.

  5. (10 points) Describe the basic use of block hash filtering in the Walls et al. article on DEC0DE. What are the specific steps that are taken?

  6. (15 points, 5 each) Three short questions about the Viola-Jones approach to real-time object (face) detection.

    a. Describe at a high level how individual features are selected and combined to form a classifier.
    b. Explain what a “Haar cascade” is, and specifically, why it is a conservative optimization.
    c. Compute the integral image values for the following array of values.

    1 0 2 3
    0 2 1 3
    1 3 0 2

  7. (10 points) SRTIs are online here: http://owl.umass.edu/partners/courseEvalSurvey/uma/. Please confirm that you have done yours for this course (or that you will absolutely, definitely do so before you leave campus this semester). Or, you know, lie to me and just get the 10 points.