695.742.8VL - Digital Forensics Technologies and Techniques

Cybersecurity
Spring 2024

Description

Digital forensics focuses on the acquisition, identification, attribution, and analysis of digital evidence of an event occurring in a computer or network. This course provides a broader scientific understanding of the technologies and techniques used to perform digital forensics. In particular, various signature extraction techniques, detection, classification, and retrieval of forensically interesting patterns will be introduced. This will be complemented by studying fundamental concepts of data processing technologies like compression, watermarking, steganography, cryptography, and multiresolution analysis. Emerging standards along with issues driving the changing nature of this topic will be explored. Antiforensic techniques that are used to counter forensic analysis will also be covered. Students will be exposed to relevant theory, programming practice, case studies, and contemporary literature on the subject.

Expanded Course Description

In line with the undercurrent of data science and analysis-based forensics, this course will introduce how statistical analysis, machine learning, and data visualization techniques can be applied to solve digital forensics problems.

Instructor

Course Structure

The course content is divided into modules. Course Modules can be accessed by clicking Course Modules on the left menu. A module will have several sections including the overview, content, readings, discussions, and assignments. Students are encouraged to preview all sections of the module before starting. Most modules run for a period of seven (7) days; exceptions are noted on the Course Outline page. Students should regularly check the Calendar and Announcements for assignment due dates.

Course Topics

Course Goals

To achieve a broader scientific understanding of digital forensics technologies and techniques, and to be able to apply some of the available forensic tools and techniques to perform a number of application and file forensics tasks.

Course Learning Outcomes (CLOs)

Textbooks

Required: Operating System Forensics by Ric Messier and Kevin Mackay

Syngress Publishing © 2016, ISBN: 9780128019498

Other Materials & Online Resources

The following two referenced readings will be made available through electronic reserve.

R1. Maloof, Marcus A. (Ed.), Machine Learning and Data Mining for Computer Security: Methods and Applications, 2006, ISBN: 978-1-84628-029-0 [Chapter 3, pages 23-46]

R2. Raggo M and Hosmer C, “Data Hiding,” Syngress, ISBN 978-1-59749-743-5 [Chap 3, 10]

In addition, selected papers will be used from the literature, such as IEEE Transactions on Information Forensics & Security, Proceedings of the Digital Forensic Research Workshop, etc. Supplementary information for the course will be available in Canvas.

Required Software

A number of forensic tools (open source/shareware/freeware) referenced in the textbook will be used in the class. You will need to download them.

Optional: You may decide to use Matlab to complete some assignments. You will need access to a recent version of MATLAB with the Signal Processing Toolkit. The MATLAB Total Academic Headcount (TAH) license is now in effect. This license is provided at no cost to you. Send an email to software@jhu.edu to request your license file/code. Please indicate that you need a standalone file/code. You will need to provide your first and last name, as well as your Hopkins email address. You will receive an email from Mathworks with instructions to create a Mathworks account. The MATLAB software will be available for download from the Mathworks site.

Student Coursework Requirements

It is expected that each module will take approximately 7–10 hours per week to complete. Here is an approximate breakdown: reading the assigned sections of the texts (approximately 3–4 hours per week) as well as some outside reading, listening to the audio annotated slide presentations (approximately 1–2 hours per week), participation in discussion (approximately 1 hour), and writing homework assignments or preparing for a quiz (approximately 2–3 hours per week).

This course will consist of four basic student requirements. Some generic descriptions of these requirements are furnished below. Students are advised however to follow specific guidelines provided throughout the course duration.

Preparation and Participation - Class Discussions (10% of Final Grade Calculation)

Each student is responsible for carefully reading all assigned material and being prepared for discussion. The majority of readings are from the course text. Additional reading will be assigned from supplement text readings.

Post your initial response to the discussion questions by the evening of day 3 for that module week. Posting a response to the discussion question is part one of your grade for class discussions (i.e., Timeliness).

Part two of your grade for class discussion is your interaction (i.e., responding to classmate postings with thoughtful responses) with at least two classmates (i.e., Critical Thinking). Just posting your response to a discussion question is not sufficient; we want you to interact with your classmates. Be detailed in your postings and in your responses to your classmates' postings. Feel free to agree or disagree with your classmates. Please ensure that your postings are civil and constructive.

The instructor will monitor class discussions and will respond to some of the discussions as discussions are posted. In some instances, he will summarize the overall discussions and post the summary for the class.

Preparation and participation is evaluated by the following grading elements:

  1. Timeliness (30%)
  2. Critical Thinking (40%)
  3. 3CQ (compliment, comment, connect, and question) structure of a response (30%)

Preparation and participation is graded as follows:

100–90 = A—Timeliness [regularly participates; all required postings; early in discussion; throughout the discussion]; Critical Thinking [rich in content; full of thoughts, insight, and analysis]; 3CQ [all 4 components of 3CQ are clearly present in response]

89–80 = B—Timeliness [frequently participates; all required postings; some not in time for others to read and respond]; Critical Thinking [substantial information; thought, insight, and analysis has taken place]; 3CQ [all 4 components of 3CQ are present in response, but not in a coherent fashion]

79–70 = C—Timeliness [infrequently participates; all required postings; most at the last minute without allowing for response time]; Critical Thinking [generally competent; information is thin and commonplace]; 3CQ [some component(s) of 3CQ are absent in response]

Assignments – Homeworks/Quizzes (20% of Final Grade Calculation)

Assignments will include a mix of qualitative assignments (e.g. literature reviews, analysis techniques), quantitative (including verification using software tools/programming language), and case study updates. Include a cover sheet with your name and assignment identifier. Also include your name and a page number indicator (i.e., page x of y) on each page of your submissions. Each problem should have the problem statement, assumptions, computations, and conclusions / discussion delineated. All Figures and Tables should be captioned and labeled appropriately.

All assignments are due according to the dates in the Calendar. Late submissions will be reduced by one letter grade for each half-week late (no exceptions without prior coordination with the instructor).

Qualitative assignments are evaluated by the following grading elements:

  1. Each part of question is answered (20%)
  2. Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
  3. Rationale for answer is provided (20%)
  4. Examples are included to illustrate rationale (15%) (If a student does not have direct experience related to a particular question, then the student is to provide analogies versus examples.)
  5. Outside references are included (15%)

Qualitative Assignments are graded as follows:

100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].

89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].

79–70 = C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].

<70 = F—Some parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rudimentary and superficial; no analysis or insight displayed].

Quantitative assignments are evaluated by the following grading elements:

  1. Each part of question is answered (20%)
  2. Assumptions are clearly stated (20%)
  3. Intermediate derivations and calculations are provided (25%)
  4. Answer is technically correct and is clearly indicated (25%)
  5. Answer precision and units are appropriate (10%)

Quantitative Assignments are graded as follows:

100–90 = A—All parts of question are addressed; All assumptions are clearly stated; All intermediate derivations and calculations are provided; Answer is technically correct and is clearly indicated; Answer precision and units are appropriate.

89–80 = B—All parts of question are addressed; All assumptions are clearly stated; Some intermediate derivations and calculations are provided; Answer is technically correct and is indicated; Answer precision and units are appropriate.

79–70 = C—Most parts of question are addressed; Assumptions are partially stated; Few intermediate derivations and calculations are provided; Answer is not technically correct but is indicated; Answer precision and units are indicated but inappropriate.

<70 = F—Some parts of the question are addressed; Assumptions are not stated; Intermediate derivations and calculations are not provided; The answer is incorrect or missing; The answer precision and units are inappropriate or missing.

Course Project (25% of Final Grade Calculation)

A class project will be assigned several weeks into the course. One of the last weeks will be devoted to the class project.

The class project is evaluated by the following grading elements:

  1. Student preparation and participation (as described in Class Project Description) (35%)
  2. Student technical understanding of the class project topic (as related to individual role that the student assumes and described in the Class Project Description) (25%)
  3. Team preparation and participation (as described in Class Project Description) (20%)
  4. Team technical understanding of the class project topic (20%)

Class Project is graded as follows:

100–90 = A—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities well defined and understood; individual/ team well versed in use of Adobe Connect; individual/ team work product(s) agreed to, well prepared and available to all team members/ instructors]; Student Understanding/ Team Understanding [rich in content; full of thought, insight, and analysis].

89–80 = B—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities well defined and understood; individual/ team well versed in use of Adobe Connect; individual/ team work product(s) agreed to and prepared]; Student Understanding/ Team Understanding [substantial information; thought, insight, and analysis has taken place].

79–70 = C—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities agreed to; individual/ team well versed in use of Adobe Connect; individual/ team work product(s) prepared]; Student Understanding/ Team Understanding [generally competent; information is thin and commonplace].

Exams (45% of Final Grade Calculation)

Mid Term 20% (Module 8), Final Comprehensive 25% (Module 14). Each exam will have MCQ, T/F, and short-answer questions. You can take the test anytime during the last three days of the Exam modules, but once you start, you will have only a limited time to complete it.

The exams are evaluated by the following grading elements:

  1. Each part of question is answered (20%)
  2. Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
  3. Rationale for answer is provided (20%)
  4. Examples are included to illustrate rationale (15%) (If a student does not have direct experience related to a particular question, then the student is to provide analogies versus examples.)
  5. Outside references are included (15%)

Exams are graded as follows:

100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].

89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].

79–70 = C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].

Grading Policy

Score Range    Letter Grade
100-98         A+
97-94          A
93-90          A-
89-87          B+
86-83          B
82-80          B-
79-77          C+
76-73          C
72-70          C-
69-63          D
<63            F


Final grades will be determined by the following weighting:

Item                                                 % of Grade
Preparation and Participation (Class Discussions)    10%
Quizzes and Assignments                              20%
Class Project                                        25%
Exams                                                45%

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.