SaTC: EDU: A Formal Approach to Digital Forensics and Incident Response Investigations

SaTC：EDU：数字取证和事件响应调查的正式方法

• 批准号: 1821829
• 负责人: Vassil Roussev
• 金额: $ 30万
• 依托单位: University of New Orleans
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1821829&HistoricalAwards=false
• 关键词: SaTC; EDU; Formal; Approach; Digital

The goal of this project is to develop a platform for digital forensics and incident response (DFIR) education. The platform will be built based on an existing proof-of-concept prototype called Nugget. The resulting platform will be tool-agnostic and will support different pedagogical approaches. The platform will provide the ability to formulate and apply forensic queries over different, and potentially large, data sources in an easy to understand manner. The project will make it possible for domain experts, such as cybersecurity and law enforcement analysts, to learn and perform forensic investigations. A set of hands-on materials, that utilize the platform, will be developed to support a two-course sequence in digital forensics and incident response. The platform will provide a formal and unifying conceptual framework for all DFIR analytical techniques, and will enable different approaches to DFIR education. This will allow courses from introductory to research-centric graduate courses, to use the same conceptual framework, and will enable instructors to focus more clearly on concepts rather than specific tools. The associated runtime environment will allow the separation of the specification of a query from its implementation. This project will result in a tool that provides the means to incrementally integrate advanced forensic capabilities, such as SaaS forensics, data analytics, and eventually deeper AI techniques into cybersecurity curricula. The platform will provide the means to acquire and analyze data from popular cloud services, such as cloud drives and online collaboration, and will also integrate with security monitoring/incident response systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是为数字取证和事件响应（DFIR）教育开发一个平台。该平台将基于现有的概念验证原型“Nugget”构建。最终的平台将是工具不可知的，并将支持不同的教学方法。该平台将提供以易于理解的方式对不同的、可能很大的数据源制定和应用取证查询的能力。该项目将使领域专家，如网络安全和执法分析师，学习和执行法医调查成为可能。将开发一套利用该平台的动手材料，以支持数字取证和事件响应的两门课程。该平台将为所有DFIR分析技术提供正式和统一的概念框架，并将使DFIR教育的不同方法成为可能。这将允许从入门课程到以研究为中心的研究生课程使用相同的概念框架，并使教师能够更清楚地关注概念，而不是特定的工具。关联的运行时环境将允许将查询的规范与其实现分离。该项目将提供一种工具，提供增量集成高级取证功能的手段，如SaaS取证、数据分析，最终将更深入的人工智能技术整合到网络安全课程中。该平台将提供从流行的云服务（如云驱动器和在线协作）获取和分析数据的方法，并将与安全监控/事件响应系统集成。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Nugget: A digital forensics language

• DOI: 10.1016/j.diin.2018.01.006
• 发表时间: 2018-03
• 期刊: Digit. Investig.
• 作者: Christopher Stelly;Vassil Roussev