Days: Tuesdays and Thursdays at 11am
This course focuses on topics in cyber forensics. The course is structured as a seminar where students jointly discuss selected papers and implement some of the ideas set forth in these papers. Introduction to Computer Security (COMP535) or equivalent is required as a prerequisite before taking this course. It is expected that students have good familiarity with Operating Systems concepts (e.g., memory management, processes, file systems). In addition, familiarity with low-level systems programming (e.g., C and assembly) will be necessary for understanding the details of some of the assigned readings, and will be helpful in completing the in-class exercises (for example, on malware analysis).
The course project will involve validating ideas covered in one or more papers/topics discussed in class. For the most part, the project will entail extending an existing framework (mostly using Volatility) to assess the feasibility of ideas suggested from a myriad of sources (e.g., textbooks, academic papers, blog posts). Topics include memory acquisition, process memory internals, disk and file system artifacts, network artifacts, event reconstruction, timeline analysis, and malware forensics. The course project involves extending the (short) programming exercises given throughout the course. Several ideas for potential projects will be suggested (based on the list of papers below), but students are encouraged to work on topics that they are passionate about. Think of the course project as designing a lablet (with exercises) that would be suitable for students taking COMP535. Your lablet will be graded by your peers.
|Readings and Presentations|
Students are required to read the material assigned during the semester and be able to competently discuss the material in class. Students will be required to use a version control system (git) for sharing the solutions to the assigned tasks and explaining how they solved a given task.
Thursday 2pm-3:30 and by appointment.
Registered students will automatically be added to the course mailing list.
This is intended to be an INTERACTIVE class, and as such, class participation will play a significant role in the course grading criteria. (If you've taken COMP535 with me, then you know what I mean!) Students will be graded on how well they present the solutions to the rest of the class, their participation in discussions, and their course project. Tentative weights for the grading are as follows:
|Programming tasks and in-class explanations|25%|
|Books and supplemental readings|