The objectives of this project include (1) developing a sophisticated and realistic educational infrastructure which provides interesting and realistic cyber-crime scenes for undergraduate and graduate network forensics curricula, and (2) developing systematic laboratory projects with innovative educational toolkits such as wireless positioning robots for collecting evidence in a 3-dimensional space. Comprehensive formative and summative evaluations are used to ensure the success of this project.
The project uses realistic network platforms and provides a wide coverage of cyber-crime scenes such as distributed anonymous communication systems and wireless networks. It utilizes PlanetLab, a global research network that provides overlay services and supports the development of new network services. The proposer designed a set of toolkits for teaching network forensics in this environment, including DeAnonymizer toolkit which traces suspects by watermarking the suspect network traffic through professional anonymous communication networks such as Anonymizer and Tor. Another toolkit, 3DLoc, searches the suspect mobile device in a 3-dimensional space.
The developed network forensics projects and supporting materials create a repository at the National Science Digital Library (NSDL). The PI provides detailed documents and free consulting for schools of different sizes and disseminates the outcomes of this project via various venues such as computer education and research journals, international and national conferences, and a web portal. The industry and law enforcement partners standardize the hardware and aid in the technical transfer process.
Network forensics is a growing area of study that serves an important role in industry, federal and state law enforcement, as well as national cyber-defense forces. Cyber crimes often involve complicated crime scene investigations. The PIs have been conducting research in digital forensics, wireless networking, and security and privacy. Various prototypical testbeds have been setup for the cutting-edge research. The PIs recognize that these testbeds can and should also be developed as an educational platform for teaching network forensics. The combined education/research platform can be used not only for advancing research in network forensics, but also to enhance undergraduate and graduate education in the areas of wired and wireless networking and network forensics. Outcomes - intellectual merit: In the past three years, the PIs and their students have achieved the goals of this project (http://ccf.cs.uml.edu/): Developed a sophisticated and realistic educational infrastructure which provides interesting and realistic cyber-crime scenes for undergraduate and graduate network forensics curricula. We purchased all necessary hardware to build the laboratory and founded the Center for Cyber Forensics at UMass Lowell. The university also sponsored us with $31,000 to this end. The purchase includes a number of computers, network switches and other accessories to set up the local anonymous communication networks that have be integrated with PlanetLab, as well as various hardware devices to build forensic localization toolkits for possible classroom use. UMass Lowell is a site of Planetlab now. Developed systematic laboratory projects with innovative educational toolkits such as wireless positioning toolkits. The lab projects include ethical hacking (hacking Project), forensic traceback via Snort (exploration project), anonymous communication networks (exploration project), network traffic data collection (design/implementation), traceback in anonymous communication networks (exploration project), wireless networks - 802.11 WiFi (exploration project), data collection via 3DLoc robot design/implementation project), traceback - evidence collection (design/implementation projects). The dissemination web portal has been deployed at http://ccf.cs.uml.edu/. All student lab projects are online. Under the support of the developed materials, the PIs have developed two digital forensics courses: co-listed 91.460.201 and 91.530.202 (undergraduate students - Selected Topics: Digital Forensics 91.460.201 and for graduate students - Special Topics: Digital Forensics 91.530.202) and 94.562.031 Digital Forensics, which is an online course and a popular course of UMass Lowell Online Master of Science in Information Technology (www.continuinged.uml.edu/degrees/msit.cfm). The enrollment has been increasing. For example, in 2011 Spring, 94.565.031 has 13 students. In 2013 Spring, 26 students have registered the class. Performed comprehensive formative and summative evaluations for designed lab projects. The project produced one master student, whose master thesis is titled as "Network Forensics Education Project and Survey Evaluation". His thesis gives survey design and survey results of some of the designed labs. Survey results show that students are highly motivated to learn network forensics because of the lab projects. Outcomes – broader impact: The project has advance experiential learning while promoting teaching and training. Multiple Ph.D, master and undergraduate students haven been involved in the development of a distributed network forensics laboratory, a variety of cyber crime-scene investigations, hardware assembling and proposed lab projects. Their work is also recognized by multiple awards. Please see attached images. The developed network forensics projects and supporting materials create a web portal (http://ccf.cs.uml.edu/), enhancing education and research resource for network forensics. We provide detailed documents and free consulting for schools of different sizes to adopt the education distribution package including both software and hardware in different computer science and engineering courses. We have been broadly disseminating the deliverables of this project via various venues such as computer education and research journals (2 published journal papers), international and national conferences (8 published journal papers), and our web portal. We are also seeking to transfer our techniques and learning materials to our industry and law enforcement partners.
