asiamina/cyberforensics

Update

  • (August 2022) The module on Capture-the-Flag (CTF) Challenges on Android Forensics is created and added to the tool.
  • (August 2022) DigitalFIRE (Digital Forensic and Incident Response Exercises), an educational platform for collaborative solving of Capture-the-Flag (CTF) Challenges, is published on GitHub.

DigitalFIRE: A Platform for practicing Capture-the-Flag (CTF) activities and solving challenges collaboratively.

Texas Tech University, Computer Science Department

Designed and Taught by: Dr. Akbar Namin

A CTF project on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University

DigitalFIRE (Digital Forensic and Incident Response Exercise) is an educational collaborative tool developed by the research team of Dr. Akbar Namin, an Associate Professor of Computer Science at Texas Tech University. The platform enables students to practice solving challenges through step-by-step guidelines and to discover the pieces of data that are required to solve each challenge. The tool can be used for training and also for recruiting students who eventually work as ethical hackers and penetration testing experts.

Digital-FIRE is inspired by the Sandia National Lab digital forensics tool called "Tracer FIRE" and more importantly the competition-based CTF activities and challenge solving often observed at hacking conferences such as DEFCON.

Digital-FIRE contains several modules (and it is still evolving and growing), including mobile forensics, which help in training students who are interested in both blue team and red team activities.

About the Course

Digital forensics is an important and exciting area in cyber security. It consists of several stages including reconnaissance, probing, acquiring, analyzing, conducting, and eventually reporting of digital crime scene investigation (Digital CSI). Despite its importance, there is a shortage of experts with the skillsets required to perform digital forensics and take part in incident response teams. One of the objectives of Digital FIRE is promoting the education and training of students who are interested in digital forensics. The tool provides a game-based platform for learning and practicing the skillsets needed in digital forensics.

The topics constitute the skeleton of security incidents and challenges. The security and forensics challenges exercised at major hacking conferences such as DEFCON and Black Hat usually require in-depth knowledge of these four major topics when performed on different platforms.

Digital FIRE offers the following practice and hands-on experience modules (evolving and still ongoing):

  1. Mobile Forensics

The course is completely practical, supported by hands-on experiences and formal lectures. Students taking this course will be able to:

  • Demonstrate in-depth knowledge of mobile cyber evidence and digital forensics
  • Demonstrate the knowledge of using mobile forensics tools
  • Learn about the state-of-the-art in malware detection and analysis research
  • Perform practical malware analysis
  • Develop Android applications using Android Studio
  • Inject malware into the source code of an APK file

The tentative topics and tools to be covered include:

  • Setting up a virtual device in the Android Studio emulator
  • Setting up a Python web server
  • Creating an APK file and a JKS keystore file along with a self-signed certificate inside it
  • Modifying APK file source code and injecting malware into it

Documentation on setting up this website with the files available in this repository

The procedure, with all steps involved in setting up the website, is provided for reference in the document "CyberForensics_ProjectSite_GitHub_v1.docx" in this repository.

Learning Outcomes

The following are the expected learning outcomes of the course:

  • Master of Science Degree:
    1. Catch the flags in given modules and try answering assessments after hands-on implementation (LO 1)
    2. Engage in life-long learning and self-critique (LO 2)
    3. Function independently on self-directed projects or research where appropriate (LO 4)
  • Doctor of Philosophy Degree:
    1. Catch the flags in given modules and try answering assessments after hands-on implementation (LO 1)
    2. Engage in life-long learning and self-critique (LO 2)
    3. Function in a multi-disciplinary and culturally diverse environment with cross-functional teams (LO 3)

Additional Lecture Materials on Digital Forensics

A course on Digital Forensics prepared and offered by Dr. Akbar Namin can be used as a starting point for reviewing the basics of Digital Forensics. The course includes several modules on 1) Disk Forensics, 2) Reverse Engineering, 3) Memory Forensics, 4) Network Forensics, 5) Mobile Forensics, etc.

The course materials can be found at: An Introduction to Digital Forensics.

Additional Hacking Textbooks

  1. The Hacker Playbook 2: Practical Guide to Penetration Testing, Author: Peter Kim
  2. Hacking: The Art of Exploitation, Author: Jon Erickson

Acknowledgements

Many graduate students were involved in the preparation of this course, including lecture notes, lab assignments, case studies, and hands-on experiences. In particular, these graduate students contributed to the development of the course by donating the artifacts they created:

  • Prathyush Turaga (diamond contributor: contributed to 1) Modules creation, 2) Website development, 3) Designing questions for assessment)

Special Thanks

  • The National Science Foundation (NSF) for supporting and sponsoring the project
    1. NSF Grant Number: 1821560
  • The CS Department for allowing this course to be offered for two consecutive years in order to prepare the materials.

Source Reference & Special Thanks

  1. (https://samsclass.info/128/proj/p9-decom.htm)