SaTC: EDU: A Formal Approach to Digital Forensics and Incident Response Investigations

Information

  • NSF Award
  • 1821829
Owner
  • Award Id
    1821829
  • Award Effective Date
    9/1/2018
  • Award Expiration Date
    8/31/2020
  • Award Amount
    $ 299,998.00
  • Award Instrument
    Standard Grant


The goal of this project is to develop a platform for digital forensics and incident response (DFIR) education. The platform will be built based on an existing proof-of-concept prototype called Nugget. The resulting platform will be tool-agnostic and will support different pedagogical approaches. The platform will provide the ability to formulate and apply forensic queries over different, and potentially large, data sources in an easy-to-understand manner. The project will make it possible for domain experts, such as cybersecurity and law enforcement analysts, to learn and perform forensic investigations. A set of hands-on materials that utilize the platform will be developed to support a two-course sequence in digital forensics and incident response.

The platform will provide a formal and unifying conceptual framework for all DFIR analytical techniques, and will enable different approaches to DFIR education. This will allow courses, from introductory to research-centric graduate courses, to use the same conceptual framework, and will enable instructors to focus more clearly on concepts rather than specific tools. The associated runtime environment will allow the separation of the specification of a query from its implementation. This project will result in a tool that provides the means to incrementally integrate advanced forensic capabilities, such as SaaS forensics, data analytics, and eventually deeper AI techniques, into cybersecurity curricula. The platform will provide the means to acquire and analyze data from popular cloud services, such as cloud drives and online collaboration, and will also integrate with security monitoring/incident response systems.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Victor P. Piotrowski
  • Min Amd Letter Date
    8/17/2018
  • Max Amd Letter Date
    8/17/2018
  • ARRA Amount

Institutions

  • Name
    University of New Orleans
  • City
    New Orleans
  • State
    LA
  • Country
    United States
  • Address
    2000 Lakeshore Drive
  • Postal Code
    701480001
  • Phone Number
    5042806836

Investigators

  • First Name
    Vassil
  • Last Name
    Roussev
  • Email Address
    vassil@cs.uno.edu
  • Start Date
    8/17/2018 12:00:00 AM

Program Element

  • Text
    Secure & Trustworthy Cyberspace
  • Code
    8060

Program Reference

  • Text
    SaTC: Secure and Trustworthy Cyberspace
  • Text
    CYBER SECURITY ACT PROPOSALS
  • Code
    7254
  • Text
    CNCI
  • Code
    7434
  • Text
    EXP PROG TO STIM COMP RES
  • Code
    9150
  • Text
    UNDERGRADUATE EDUCATION
  • Code
    9178
  • Text
    GRADUATE INVOLVEMENT
  • Code
    9179
  • Text
    SCIENCE, MATH, ENG & TECH EDUCATION