COMPSCI 590K: Advanced Digital Forensics Systems | Spring 2020

Assignments

This page is a master list of all assignments and due dates for the course. It will be updated as assignments are made available.

It does not include readings, which will be posted on Perusall (and also linked to on the schedule). You must do the readings via the Perusall link on the course Moodle page to receive credit. There are generally readings due before every regular lecture.

Assignments are due at 9pm, unless otherwise noted.


  • Midterm 1 Feb 20 Thu
  • Midterm 2 Mar 31 Tue
  • Final Exam May 06 Wed

(Click through for the whole text of the assignment!)

Assignment 01: Intro and Carving

This assignment is due by 9pm on Tuesday, February 11th. It must be submitted through Moodle. (Be sure to click through for the whole thing!) (10 points) Suppose you were tasked with acquiring an image of a large hard disk drive. Specifically, you are imaging the 10 TB Western Digital Red NAS Hard Drive. How long would it take to linearly read every bit of this drive (hours and minutes)?

Assignment 02: Hashing and recovery

This assignment is due by 9pm on Thursday, February 27th Tuesday, March 3rd. It must be submitted through Moodle. (10 points) Suppose you were going to use a Bloom filter to represent the data stored on a 10 TB drive, using the small-block method proposed by Garfinkel et al. Your intention is to be able to keep this Bloom filter in the memory of a reasonably-provisioned workstation for use in other forensics tasks.

Assignment 03: Filesystem Lab

This assignment is due by 9pm on Thursday, March 26. It must be submitted through Moodle. In this assignment, which is more lab-like than question-based, you will explore the implementation of several filesystems. In particular, you will manipulate them in specified ways (creating and deleting files), and then see which portions of those files are recoverable or not. You’ll need access to a UNIX-like system to complete this assignment.

Assignment 04: Filesystem Modification

This assignment is due by 9pm on Thursday, March 26. It must be submitted through Moodle. In this assignment, you are going to demonstrate your understanding of the on-disk format of a simple filesystem (FAT16). In particular, you are going to modify an existing disk image by directly manipulating it. You’ll need to download a copy of adams.dd, which you may remember from the first lecture. You will also likely want to have TSK installed, as well as have access to a hex editor.

Assignment 05: Network Investigations

This assignment is due by 9pm on Tuesday, April 14th. It must be submitted through Moodle. (15 points) In lecture, we talked about how you might be able to identify multi-file .torrent files that contain files of interest, assuming you already have access to the file-of-interest list. Recall this task is not entirely trivial, since piece boundaries within the .torrent are generally not aligned to file boundaries. Suppose that you have a single file of interest you wish to be able to detect in .

Assignment 06: Memory Forensics

This assignment is due by 9pm on Thursday, April 30th. It must be submitted through Moodle. In this assignment, you’ll examine a memory image for a rogue process, and try to learn some details about what that process was up to. In other words, you’ll work through some use cases of Volatility to get hands-on experience with memory forensics! Preparation: Volatility is a Python program, so you can probably run it in any Python2 environment you have accessible.