Digital Forensics
School of Computing Digital Forensics Capabilities
The School of Computing has a primary interest in Digital Forensics and Security. USA is an NSA/DHS Center of Academic Excellence in Information Assurance/ Cyber Defense and a participant in NSF's CyberCorps Scholarships for Service. The following topics impact digital forensics investigations in both industry and law enforcement.
1. Computing Forensics and Digital Investigations
The Soc Digital Forensics Information Intelligence(DFII) Research Group meets weekly during the academic year. The research interest ranges from malware to cloud computing to SCADA devices, organizational investigations, hardware evolution, and the impact that all of these areas have on forensic tool, processes and investigations. Soc investigators collaborate to conduct basic and applied research that is brought into our classrooms.[Barnett, Black, Yasinsac, Johnsten, Damopoulos, Green]
2. Critical Infrastructure Protection
Presidential Policy Directive 21(2013) established protecting the nation's critical infrastructure as a national priority. Soc researchers examine risks to end user oriented critical cyber infrastructure components such as automobiles, airplanes, and medical devices. We also study computer systems that control water flow and that regulate electrical grids, lighting systems, traffic signals, and analogous sensors, actuators and control devices.[Andel, McDonald, Damopoulos, Black, Green]
3.Advanced Persistent Threats
Advanced Persistent Threats (APT) may be the greatest single threat to effective use of the internet today. Networks of rogue computers are created by attackers with vast resources, e.g. criminal and state-sponsored actors and are designed to carry out coordinated acts of malice. Soc researchers study technology that can prevent ATPs through malware analysis, reverse engineering, intrusion detection, secure software, and network security research. [McDonald, Andel]
4. Secure Software
Most computing system threats manifest through implementation flaws resulting from poor software development practices. Soc researchers investigate techniques to improve rigor in software development, the impact of anti-forensic software, and potential detection solutions.[Andel, McDonald, Yasinsac]
5. Insider Threats
Most Security approaches are based on the classic Maginot Line concept, where the defenders are inside the perimeter and the attackers are on the outside. Soc investigators study technology and man-machine interface sciences to prevent, detect, and respond to attacks made by trusted parties that violate privilege that is given to them. [Yasinsac]
6. Informatics ( Healthcare, Bio, etc.)
The USA Health Informatics Research Group is currently focused on two major areas of research, education and outreach: Risk assessment of healthcare systems and health informatics curriculum development. the USA Health Informatics Group is emerging as a center of research for risk assessment of healthcare data and systems and pedagogical innovations in health informatics curriculum and education. We are seeking colleagues with mutual interests to pursue publication and grant opportunities in our identified research themes or closely related areas. [Campbell, Pardue, Bourrie, Sittig]
7. Big Data and Cloud Computing
The Volume and diversity of data being collected impacts an investigation. Rapid increases in computing and storage technologies have revolutionized the collection and processing of immense volumes of data. Soc investigators study advanced techniques to identify correlations in vast databases that can lead to improvements in cloud security, medical research, and other bog data applications. [Johnsten, Benton, Haung, Bourrie, Shropshire]
8. Internet Voting
Driven by the pervasive distribution of personal computing devices, there is strong inertia to engage internet voting in national elections in spite of spirited objections regarding security risks of counting electronically delivered ballots. Soc investigators study theoretical limitations that impacts voting system decisions along with security practices that may enable expanded engagement of technology in election processes. [Andel, Yasinsac]
9. Cyber-STEM Education
In 2012, Soc established a K-12 partner School Program to advance Cyber Stem research, education, and familiarization through local schools. This includes examining techniques for increasing STEM adoption by students in underrepresented groups and improving computing proficiency for K-12 teachers. [Chapman, Black, Barnett, Yasinsac, McDonald, Andel, Johnsten]