COMPSCI 590K: Advanced Digital Forensics Systems | Spring 2020

Schedule

This page is a schedule of topics and readings.

The linked readings are here for your convenience, but the graded reading response must be done through Perusall.

Lecture notes will often but not always be posted sometime following each lecture. Please remember that the notes (when available) are a supplement to, and not a replacement for, attending class and taking your own notes.

This schedule is approximate, and will be updated as the semester progresses.

Unit 1: Introduction

Lectures

  • 01: Introduction
  • 02: Survey / Intro to Carving

Required reading

Optional / supplemental reading

Unit 2: Carving, fragment recovery

Lectures

  • 03: Carving
  • 04: JPEG Recovery
  • 05: DEFLATE

Required reading

Optional / supplemental reading

Unit 3: Hashing, streaming, sampling, and parallelism

Lectures

  • 06: Small Block Hashing
  • 07: Contextual Hashing
  • 08: Similarity Digests

Required reading

Optional / supplemental reading

Unit 4: Filesystems

Lectures

  • 09: FAT and NTFS
  • 10: Ext2/3/4
  • 11: ZFS

Required reading

Optional / supplemental reading

  • Probably the best one-stop shop for FAT, NTFS, and Ext2/3 is the optional textbook for this class, Carrier’s File System Forensic Analysis; I suggest looking over the relevant chapters.
  • You may also find the relevant lecture notes from COMPSCI 365 useful for FAT and NTFS.
  • The Linux NTFS Documentation
  • As usual, Wikipedia has a general but dry introduction to each:

Unit 5: Network forensics

Lectures

  • 12: Intro to Network Forensics
  • 13: BitTorrent Redux
  • 14: OneSwarm
  • 15: Freenet
  • 16: Statistical Detection of Downloaders in Freenet

Required reading

Optional / supplemental reading

Unit 6: Cloud and IoT

Unit 7: Mobile / Cell phone forensics

Unit 8: RAM forensics, reverse engineering
