Host ForensicsLogisticsGEORGIOS PORTOKALIDIS

GPORTOKA@STEVENS.EDU

CS695 - HOST FORENSICS 2

Logistics Information about the course can be found in:

◦ The website http://www.cs.stevens.edu/~gportoka/cs695.html◦ Moodle

Schedule◦ Lectures are on Tuesday 11:00am-1:15pm (Lieb 218)◦ Office hours by appointment

CS695 - HOST FORENSICS 3

Books The course does not require a textbook, however the following material could be useful:

◦ Keith J. Jones, Richard Bejtlich, Curtis W. Rose, Dan Farmer, Wietse Venema, Brian Carrier, Computer Forensics Library Boxed Set (contains Forensic Discovery, Real Digital Forensics, and File System Forensic Analysis), Addison-Wesley Professional

◦ Chris Eagle, The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, No Starch Press

◦ Warren G. Kruse II, Jay G. Heiser, Computer Forensics: Incident Response Essentials, Addison-Wesley Professional (This could be of particular interest to students interested in forensics and law enforcement)

Read the papers on the week-by-week schedule before coming to class◦ Try to form an opinion

CS695 - HOST FORENSICS 4

Grading Your grade will be determined by:

◦ Class participation 20%◦ Read papers before coming to class◦ Discuss in class

◦ Assignments 20%◦ Smaller assignments will be given in class◦ No late submissions

◦ Project 40%◦ Will (should) be discussed in detail

◦ In-class presentations 20%◦ Students will be called to present papers part of the course’s reading material and beyong◦ Assignment will be made in the previous lecture

CS695 - HOST FORENSICS 5

The Project Start with a proposal

◦ Identify a problem◦ Read related work◦ Formulate a plan to solve it◦ Formulate a plan to evaluate your solution

Implement it◦ Meet with me in a bi-weekly basis for guidance and to ensure continuous progress

Evaluate it◦ Is it correct?◦ Is it fast?

Deliverables◦ Code◦ Report: submit a report describing the problem, discussing related work, and presenting your approach and

implementation. Credit will be also given for evaluating the work on appropriate axes.

CS695 - HOST FORENSICS 6

Rules Project can be done by teams of up to 2-3 people after consulting the instructor

◦ Smaller projects should be done individually◦ Larger projects could be done in a group

Assignments should always be done individually

CS695 - HOST FORENSICS 7

Questions Before emailing anyone search online

Use moodle

Then ask me

CS695 - HOST FORENSICS 8

Thematic Areas

Identifying relevant informationTracking data flow

Reverse engineering software, protocols, or systems

Collecting and recovering data Malware analysis

CS695 - HOST FORENSICS 9

Useful Software Links to related software will be given during the lectures

Useful software to start looking into◦ VirtualBox ◦ QEMU◦ IDA demo version