Course Update

(August 2023) Resources for CEH (Certified Ethical Hacker) were uploaded to the repository.

(December 2022) A new course module on "Mobile Disk Forensics" was created.

(December 2022) A tutorial on practicing vulnerability detection on the vulnerable websites offered by VulnHub.com was created.

(December 2022) A tutorial on using SQL to query a SNORT log file was created.

(December 2022) An extensive tutorial on disk image creation and analysis using DISK EXPLORER NTFS, R DRIVE, WINHEX, and ACCESS DATA FTK was created. A disk image (dd file) of size 1.02 GB was also created.

(December 2022) A large set of hands-on experiences (18 samples) on malicious APK files was created.

(December 2022) A large set of hands-on experiences (18 samples) on malicious PDF files was created.

(March 2022) A set of tutorials on Cuckoo Sandbox was created and uploaded to the Tool-Tutorials folder.

(March 2022) A set of tutorials and hands-on experiences on malware analysis using Rekall was uploaded to the Tools-Tutorials folder.

(March 2022) A new module on Malware Analysis, along with a few hands-on experiences, was added to the Lecture Notes folder.

(January 2021) A few video tutorials were uploaded to YouTube and added to the course GitHub repository.

(December 2020) Several tutorials were added on security tools such as Kali Linux, Burp Suite, etc.

Instructional Materials for the Digital Forensics Course

Texas Tech University, Computer Science Department

Designed and Taught by: Dr. Akbar Namin

A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University, 2017 - 2018.

This repository contains the instructional modules and course materials developed by Dr. Akbar Namin, Associate Professor of Computer Science at Texas Tech University, to teach Digital Forensics. The materials were prepared, developed, and taught during 2017 - 2018, and they are still evolving. The course was initially developed as a graduate-level university course, but it can also be used for undergraduate students. The lecture notes were prepared by the instructor of the course; the lab and hands-on experiences were developed by students taking the course.

About the Course

Digital forensics has become a must-have skillset for IT professionals and in particular for security experts. Digital forensics and incident response play key roles in detecting and analyzing malware and security breaches, in devising countermeasures, and in tracing online criminal activities. Digital forensics, malware detection and analysis, and incident response techniques are very broad and system-dependent. For instance, the techniques and tools used to detect malware on the Windows operating system are quite different from those used on Linux and Mac. Nevertheless, security experts, and ethical hackers in particular, need to be aware of the core general topics and concepts as well as the platform-dependent techniques in order to conduct penetration testing more effectively.

This course introduces the basic concepts and techniques usually employed in digital forensics and malware analysis. The contents are primarily divided into the following major topics:

  1. Reverse Engineering
  2. Disk Forensics
  3. Memory Forensics
  4. Network Forensics
  5. Malware Analysis
  6. Mobile Forensics

These topics constitute the skeleton of security incidents and challenges. The security and forensics challenges exercised at major hacking conferences such as DEFCON and Black Hat usually require in-depth knowledge of these major topics across different platforms.

The course is completely practical supported with hands-on experiences and formal lectures. Students taking this course will be able to:

The tentative topics and tools to be covered include:

Learning Outcomes

The following are the expected learning outcomes of the course:

  1. Communicate effectively orally and in writing (LO 1)
  2. Engage in life-long learning and self-critique (LO 2)
  3. Function in a multi-disciplinary and culturally diverse environment with cross-functional teams (LO 3)
  4. Function independently on self-directed projects or research where appropriate (LO 4)

Textbooks

Each section requires a separate textbook. Here is the list of sections for which a textbook is used:

  1. Reverse Engineering
  2. Disk Forensics
  3. Memory Forensics
  4. Network Forensics
  5. Malware Analysis
  6. Mobile Forensics

Additional Hacking Textbooks

  1. The Hacker Playbook 2: Practical Guide to Penetration Testing, Author: Peter Kim
  2. Hacking: The Art of Exploitation, Author: Jon Erickson

Additional References

WikiSET is a portal, called Wiki for Security Training and Education, that lists useful materials and tutorials for teaching and learning digital forensics.

Course Team-based Project

To stimulate learning, four team-based, competition-style projects are defined. The projects let each team practice the necessary skillset for each section (e.g., reverse engineering). In each project, every team plays the role of both the blue and the red team: it is responsible for building an artifact containing some secret item that the other team must discover.

For instance, in disk forensics, each team creates a disk dump file with secret recipes hidden in different sectors, and the other team's job is to discover those recipes.
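The disk-forensics project in miniature, as an added example that is not part of the course repository or the students' artifacts: one side builds a raw, dd-style image with recipes planted in chosen sectors, and the other side recovers them both by a sector-aligned scan and by an unaligned carve over the whole image. The 512-byte sector size, the `RECIPE:` marker that prefixes each hidden record, and the in-memory image are all constructed assumptions for the exercise, not real filesystem structures.

```python
"""Constructed model of the disk-forensics team project (added example,
not course code). build_image() plays the hiding team; scan_sectors() and
carve_image() play the discovering team."""

import random
import re

SECTOR_SIZE = 512          # assumed sector size of the dd-style raw image
SECRET_TAG = b"RECIPE:"    # constructed marker that prefixes each hidden record


def build_image(num_sectors, secrets, seed=1234):
    """Return a raw image of num_sectors sectors as bytes.

    secrets maps a sector index to a short bytes payload hidden at the start
    of that sector as TAG + payload + NUL. Every other byte is deterministic
    pseudo-random filler so the secrets cannot be spotted as the only
    non-zero data."""
    rng = random.Random(seed)
    size = num_sectors * SECTOR_SIZE
    image = bytearray(rng.getrandbits(8 * size).to_bytes(size, "little"))
    for sector, payload in secrets.items():
        if not 0 <= sector < num_sectors:
            raise ValueError(f"sector {sector} lies outside the image")
        record = SECRET_TAG + payload + b"\x00"
        if len(record) > SECTOR_SIZE or b"\x00" in payload:
            raise ValueError("secret must be NUL-free and fit in one sector")
        start = sector * SECTOR_SIZE
        image[start:start + len(record)] = record
    return bytes(image)


def sector_count(image):
    """Number of whole sectors; a length that is not a multiple of the
    sector size indicates a truncated or mis-sized dump."""
    if len(image) % SECTOR_SIZE:
        raise ValueError("image length is not a multiple of the sector size")
    return len(image) // SECTOR_SIZE


def scan_sectors(image):
    """Sector-aligned scan: return {sector_index: payload} for every sector
    that contains a TAG record. This mirrors inspecting a dump sector by
    sector in a hex editor."""
    found = {}
    for i in range(sector_count(image)):
        sector = image[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
        pos = sector.find(SECRET_TAG)
        if pos == -1:
            continue
        body = sector[pos + len(SECRET_TAG):]
        end = body.find(b"\x00")
        found[i] = body[:end] if end != -1 else body
    return found


def carve_image(image):
    """Unaligned carve over the whole image: recovers records even when the
    hider ignored sector boundaries, at the cost of losing the sector index."""
    pattern = re.escape(SECRET_TAG) + rb"([^\x00]{1,200})\x00"
    return [m.group(1) for m in re.finditer(pattern, image)]


if __name__ == "__main__":
    # Constructed sample: three recipes hidden in sectors 3, 17 and 60 of a
    # 64-sector (32 KiB) image.
    planted = {3: b"two cups flour", 17: b"a pinch of salt", 60: b"bake at 180C"}
    img = build_image(64, planted)
    print("sector scan:", scan_sectors(img))
    print("carve:", carve_image(img))
```

The sector-aligned scan gives both the payload and where it lives, which is what the discovering team needs to report; the carve is the fallback when records straddle sector boundaries. The `sector_count` check is the first thing to run on any received dump, since a truncated image silently drops the trailing sectors.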

Students Evaluation

Students will be graded based on assignments, exams, and the project (tentative).

Acknowledgements

Many graduate students were involved in the preparation of this course, including the lecture notes, lab assignments, case studies, and hands-on experiences. In particular, the following graduate students contributed to the development of the course by donating the artifacts they created:

Special Thanks

  1. NSF Grant Number: 1516636
  2. NSF Grant Number: 1821560