A case study for teaching digital forensics to undergraduate students
Hongmei Chi, Edward L. Jones, Christy Chatmon and Deidre Evans
Department of Computer and Information Science, Florida A&M University, 1333 Wahnish Way,
Tallahassee FL 32307-5100, USA
hchi@cis.famu.edu ejones@cis.famu.edu cchatmon@cis.famu.edu deidre.evans@famu.edu
Keywords:
Abstract:
Teaching digital forensics in a college has always been a challenge, especially when hands-on labs are basic
elements of the course. Software and hardware for digital forensics are expensive. This paper addresses
some of the challenges of identifying forensics tools of appropriate cost and functionality. We focus on
inspiring the interest of students with diverse backgrounds, and giving students hands-on experiences
that enhance their pursuit of careers in information assurance or law enforcement. We present a
pragmatic approach to teaching digital forensics, motivated by the growing demand for a professional
workforce.
INTRODUCTION
MOTIVATION
2.1 IA Education
Intro to Computer Security 30 24 30 18 27 17 22 11 16 11
Applied Security 38 21 40 17 15 12 16 17 29
Digital Forensics
#Certificates
N/A N/A 5 10
HANDS-ON LABS
Table 3. Digital Forensic Tools for Lab
Tool
Access Data Forensic Toolkit (FTK)[12]
4.1 Tools
Commercial tools for digital forensics are
expensive for any college, with an average cost of
$3,000-$5,000 per license. With limited funds, it is
unrealistic to spend $50,000 to purchase commercial
tools for one course. Because new tools are being
released into the market, this investment would be
required on a regular basis. Fortunately, there are
many open source and freeware forensics tools
available. Tables 2 and 3 contain lists of tools we
use, along with their major features.
Table 2. Encryption/Decryption Tools for Labs
Tool
Cain & Abel
SAMinside
John The Ripper
Camouflage
Helix[8]
Sleuth Kit[9]
Features
Imager
Registry viewer
Password recovery
Query searching
Data carving
Integrated viewers and media player to view any set of data.
Imager
Password recovery
Cookie viewer
Internet history viewer
Registry viewer
File recovery
Protected storage viewer
Scan for pictures
Features
Digital steganography
Disk editor
Data recovery
Analyze and compare files
Disk cloning
Drive and file wiper
Encryption
Log Parser[10]
Paraben demo[11]
WinHex
CONCLUSIONS
ACKNOWLEDGMENTS
The authors recognize the contribution of
graduate student Jude Desti in implementing many
of the hands-on labs. This work has been supported
in part by U.S. Department of Education grant
P120A080094, and by NSF Minority Institutions
Infrastructure grant CNS-0424556.
REFERENCES
[1] Austin, R. D. 2007. Digital forensics on the cheap:
teaching forensics using open source tools.
Proceedings of the 4th Annual Conference on
Information Security Curriculum Development
(InfoSecCD'07), September 28, 2007, Kennesaw,
Georgia, ACM, New York, NY, 1-5.
[2] Batten, L. and Pan, L. Teaching Digital Forensics to
Undergraduate Students. IEEE Security and Privacy 6,
3 (May. 2008), 54-56.
[3] Lawrence, K. and Chi, H. Framework for the design
of web-based learning for digital forensics labs,
Proceedings of the 47th Annual ACM Southeast
Regional Conference, March 19-21, 2009, Clemson,
SC.
[4] Manson, D., Carlin, A., Ramos, S., Gyger, A.,
Kaufman, M., and Treichelt, J. Is the Open Way a
Better Way? Digital Forensics Using Open Source
Tools. In Proceedings of the 40th Annual Hawaii
International Conference on System Sciences (HICSS
2007), January 3-6, 2007, Waikoloa, Big Island,
Hawaii, USA. IEEE Computer Society. 266.
[5] McGuire, T. J. and Murff, K. N. 2006. Issues in the
development of a digital forensics curriculum. Journal
of Computing Sciences in Colleges. 22, 2 (Dec. 2006),
274-280.
[6] Yasinsac, A., Erbacher, R. F., Marks, D. G., Pollitt, M.
M., and Sommer, P. M. Computer Forensics