
Boston University Metropolitan College

CS703_EL_Fall-2017 bhumip@bu.edu Page 1 of 12

Network Forensics MET CS 703, Course Format (Blended), Fall 2017

Instructor

Dr. Bhumip Khasnabish, PhD, AMCPM
Visiting Prof. of Practice, Computer Science Dept., Metropolitan College, Boston University
Office hours: One hour prior to class or by prior arrangement
Office Address: To be confirmed
E-mail: bhumip@bu.edu

Course Description

This course provides a comprehensive understanding of network forensic analysis principles. Within the context of forensics security, network infrastructures, topologies, and protocols are introduced. Students will understand the relationship between network forensic analysis and network security technologies. Students will learn to identify network security incidents and potential sources of digital evidence and demonstrate the ability to perform basic network data acquisition and analysis using computer-based applications and utilities. Students will also identify potential applications for the integration of network forensic technologies and demonstrate the ability to accurately document network forensic processes and analysis. Prereq: MET CS 625 and MET CS 695; or instructor's consent.

Prerequisites

Knowledge of information technology fundamentals (computer hardware, operating systems, applications and networking) is required. Additional information on Forensics can be found in Wikipedia (https://en.wikipedia.org/wiki/Network_forensics , http://forensicswiki.org/) and Open Source Digital Forensics Conference (OSDFCon, https://www.osdfcon.org/) publications. Successful completion of MET CS 625 and MET CS 695, or the instructor's approval, is also required.

Course Learning Objectives

Upon successful completion of this course you will learn how to:

Examine network evidence from a compromise by an attacker

Identify the attacker's actions from recording of logs, events and incidents

Analyze evidence from network, its infrastructure, and form(s)

Develop scientific hypotheses using forensic investigation tools

Test/revise hypotheses and articulate chronological findings

Recommended Course Books

1. Network Forensics, Ric Messier, Wiley, ISBN: 978-1-119-32828-5, August 2017


2. Network Attacks and Exploitation: A Framework, Matthew Monte, Wiley, ISBN: 978-1-118-987 {12-4, 08-7, 23-0}, 2015

3. Network Forensics: Tracking Hackers through Cyberspace, Sherri Davidoff and Jonathan Ham, Prentice Hall, ISBN-13:978-0132564717, ISBN-10:0132564718, 2012

4. Computer Forensics: Investigating Network Intrusions and Cyber Crime, EC-Council, ISBN-13: 978-1-4354-8352-1, ISBN-10: 1-4354-8352-9 (latest edition)

5. (a) Computer Forensics: Investigating Wireless Networks and Devices, EC-Council, ISBN-13: 978-1-4354-8353-8, ISBN-10: 1-4354-8353-7 (latest edition) and (b) Digital Forensics for Handheld Devices, E. P. Doherty (Ed.), CRC Press, 2013

6. Handbook of Digital Forensics and Investigations, Eoghan Casey ed., Elsevier Academic Press ISBN 13: 978-0-12-374267-4 (latest edition)

7. Digital Forensics with Open Source Tools, C. Altheide et al, Syngress/Elsevier, 2011

Recommended Articles

A. Adversarial Network Forensics in Software Defined Networking, S. Achleitner et al, SOSR’17, ACM, Santa Clara, CA, USA, 2017

B. Software-Defined Network Forensics: Motivation, Potential Locations, Requirements, and Challenges, IEEE Network, Vol.30 Issue 6, Nov.-Dec. 2016

C. Cloud computing: The digital forensics challenge, Meyer, G., & Stander, Proc. of Informing Science & IT Education Conference (InSITE), 2015

D. Threat Analysis for the SDN Architecture, Version 1.0, ONF TR-530, 2016

E. The Journal of Digital Forensics, Security and Law (JDFSL), Please see the Latest Articles (http://commons.erau.edu/jdfsl/) and the “Most Popular Papers,” 2017

Laptop Requirements

Before you start configuring your laptop for the course assignments and/or experiments, please back up all of your files and system configuration data/information. You will need a system (e.g., 64-bit Windows) with a multi-core CPU (~3.0 GHz), >8 GB RAM, and >50 GB of free disk space. You can download VirtualBox from https://www.virtualbox.org/wiki/Downloads .

Courseware

This course uses Online Campus (Blackboard). Once the course starts, all students must use the Online Campus Dashboard internal messages service. Students are required to use Online Campus:

for reading and submitting assignments

Submitting lab exercises and Taking on-line exams and quizzes

Participating in discussion threads

All course related email correspondence


Class Policies

1) Attendance & Absences

Students are required to attend the four scheduled on-campus lectures (9/9, 10/7, 11/11, 12/9) and the final exam on 12/16.

Students must notify the instructor in advance if unable to attend any on-campus lecture

2) Classroom Etiquette

Please arrive before the lecture begins (class start time). Turn off your cell phone and leave it on the desk in front of the Professor with a sticky note on which your name and ID are written

Please leave one chair space between you and the person sitting next to you. During the lecture, DO NOT talk to anyone else except to the Professor if you have a question or need some clarification on the topics that are being discussed

If the Professor asks you a question, answer it to the best of your knowledge looking at the Professor, and without looking at or talking to anyone else

Always put your name tag/badge in front of you on the desk so that it is clearly visible by the Professor

3) Assignment, Lab Exercise and Discussion Completion & Late Work

Homework assignments are mandatory, must be completed and submitted in a timely manner, and are required to be submitted via Online Campus for this course. Each day that a homework assignment is submitted after its due date will result in a penalty of 3 points. Homework assignments submitted more than 5 days late will receive a grade of zero (0). If a student will be unable to submit an assignment by its due date, the student must contact the instructor in advance to avoid the late-submission penalty.

Lab exercises are mandatory, must be completed and submitted in a timely manner, and are required to be submitted via Online Campus for this course. Each day that a lab exercise is submitted after its due date will result in a penalty of 3 points. Lab exercises submitted more than 5 days late will receive a grade of zero (0). If a student will be unable to submit a lab exercise by its due date, the student must contact the instructor in advance to avoid the late-submission penalty.

Student postings to discussion topic after the listed closing dates will not be counted when calculating a student’s discussion grades.

4) Academic Conduct Code – Cheating and plagiarism will not be tolerated in any Metropolitan College course. Such activities/behavior will result in no credit for the assignment or examination and may lead to disciplinary actions. Please take the time to review the Student Academic Conduct Code:


http://www.bu.edu/met/metropolitan_college_people/student/resources/conduct/code.html.

Such activities/behavior include copying (even with modifications) another student's work or letting your work be copied. Your participation in interactions with the instructor and your classmates is encouraged, but the work you submit must be your own. Collaboration is not permitted.

Grading Criteria

You will have to do homework assignments to help you master the material. You will also have to read the textbooks and be ready to discuss the issues related to the current class topics. Grades will be based on:

homework assignments (30%)

lab exercises and/or project (30%)

in-class and discussion thread participation (10%)

proctored final exam (30%)

Grade ranges are as follows:

A’s: {90-93 is an A-, and 94+ is an A}

B’s: {80-83 is a B-, 84-86 is a B, and 87-89 is a B+}

C’s: {71-73 is a C-, 74-76 is a C, and 77-79 is a C+}

F: 60 to 70

Class Meetings, Lectures, Assignments, Lab Exercises & Examinations

The course will include four (4) class sessions held at the Boston University campus. Each class session will include lectures, laboratory exercises, and an interactive exchange of course-related concepts and materials. These sessions also provide students with the opportunity to interact with other students and the course instructor. The proposed class session dates are listed below (subject to change based on course and instruction requirements).

On-campus class sessions will occur in Fuller Bldg. (808 Commonwealth Avenue, Boston, MA), Rm. No. 109, on the following dates:

Session 1 (Topics Covered: Module 1): September 9, 2017 between 1 PM and 4 PM ET

Session 2 (Topics Covered: Module 3): October 7, 2017 between 1 PM and 4 PM ET (may include a guest lecture)

Session 3 (Topics Covered: Module 5): November 11, 2017 between 1 PM and 4 PM ET (may include a guest lecture)

Session 4 (Topics Covered: Module 7): December 9, 2017 between 1 PM and 4 PM ET (may change to 6-9 PM ET)

Final Exam: December 16, 2017 between 1 PM and 4 PM ET

Students are expected to read the documents listed in the Study Guide prior to each face-to-face session. These documents can be downloaded from the Blackboard Discussion 'From your Instructor' area. We will discuss each document that is assigned to a session.

Failure to read these documents prior to each session will affect your Discussion grades.

Project Selection Guideline

Review the Network Forensics related Briefings, Arsenal, Features, Events, etc. of recent BlackHat (https://www.blackhat.com) and Digital Forensics Conference (https://www.osdfcon.org/), and the articles in JDFSL (http://commons.erau.edu/jdfsl/).

Determine your single area of focus, e.g., Tools, Evidence Acquisition, Evidence Analysis, Strategy, Remote Access, etc.

Review the projects in your focus area in the Open Source space (e.g., https://github.com/cugu/awesome-forensics).

Finalize only one project which is of most interest to you and in which you can excel in contributing to the development, testing and finalizing. Good Luck!

On-line Live Sessions

There will be a number of one-hour on-line sessions, in addition to the on-campus meetings identified above, which will be held at 7 PM ET on the following Wednesdays: Sept. 20; Oct. 04 and 18; Nov. 01, 15, and 29; and Dec. 13.

Assignment/Homework/Exercise/Project Submission Guideline

PLEASE submit the completed tasks in MS Word or PPT file(s) via email before the due date. File names for the documents must be as follows:

<student's first name>-CS703-Abcd<number>-ddMnt2017.doc

An example of the document file name for assignment no. 3 submitted by the Instructor on the 15th of August is as follows:

Bhumip-CS703-Asgn3-15Aug2017.doc

Note: Abcd=Asgn for Assignment submission, Abcd=Hwrk for Homework submission, Abcd=Labs for Lab/Exercise submission, and Abcd=Proj for Project submission; dd is the two-digit date of submission, and Mnt is the first three letters of the month of submission. Include the file name in the header and a page number in the footer of your submission document. Quoted materials and citations must follow the Modern Language Association (MLA, https://style.mla.org/) format, with a reference section at the end of the student's submitted work. Then, print the first page of your email on one side of a sheet of paper, and the first page of your submission file on the other side of the same sheet. Finally, bring that sheet for submission before the lecture immediately following the submission date.

Class Meetings, Lectures & Assignments

Module 1 (9 Sept.)
Topic: Network Forensics Basics: Fundamentals; Strategies; Evidence Gathering
Readings Guide/Due: Ch.1-2 of Rec. Book 1; Ch.1-3 of Rec. Book 3; Ch.1-2 of Rec. Book 4; Ch.1-2 of Rec. Book 6
Assignments Due: Assignment-1 & Discussion-1 are due by 9/19

Module 2 (20 Sept., 04 Oct.)
Topic: Types of Attacks: Web/Host Attacks; Routers/Switches/.. Attacks; Device-based Attacks
Readings Guide/Due: Ch.5-6 of Rec. Book 1; Ch.1-6 of Rec. Book 2; Ch.4-7 of Rec. Book 3; Ch.3-5 of Rec. Book 4
Assignments Due: Discussion-2 due by 10/3

Module 3 (7 Oct.)
Topic: Network Forensics Tools: Wired/Wireless Access; Internet; Software-Defined Nets
Readings Guide/Due: Ch.3, 4 & 9 of Rec. Book 1; Ch.9 & 10 of Rec. Book 3; Ch.1 of Rec. Book 5(a); Rec. Articles [A-D]
Assignments Due: Assignment-2 & Project Outline due today (10/7)

Module 4 (18 Oct., 01 Nov.)
Topic: Correlation/Analyses of Logs/Events/Traces and Investigations: Denial of Service; Internet Crimes; Email-based Crimes; Wireless Attacks
Readings Guide/Due: Ch.4, 10 & 11 of Rec. Book 1; Ch.8 of Rec. Book 3; Ch.5-7 of Rec. Book 4; Ch.4, 9 & 10 of Rec. Book 6
Assignments Due: Discussion-3 due by 10/17; Project Update due by 10/31

Module 5 (11 Nov.)
Topic: IoT and Device-based Attacks/Forensics: Tagged and Simple Sensors; Hand-held Devices
Readings Guide/Due: Ch.2-4 of Rec. Book 5(a); Ch.1-4 of Rec. Book 5(b); Article 3 on Android Forensics from Vol.10, No.4 of JDFSL
Assignments Due: Assignment-3 & Project Update due today (11/11)

Module 6 (15 Nov., 29 Nov.)
Topic: Typical Industrial and Social Crimes: Corporate Espionage; Trademark and Copyright Violations; Other Social Crimes
Readings Guide/Due: Ch.11 & 12 of Rec. Book 3; Ch.8-11 of Rec. Book 4; Ch.6, 7 & 9 of Rec. Book 2
Assignments Due: Discussion-4 due by 11/14; Project Update due by 11/28

Module 7 (9 Dec.)
Topic: Incident Prevention and Impact Mitigation Techniques: Proactive Steps; Analytics-based Predictive Steps
Readings Guide/Due: Ch.7 & 8 of Rec. Book 1; Ch.8 of Rec. Book 2; Ch.7 of Rec. Book 3; Rec. Articles [D-E]
Assignments Due: Assignment-4 & Project Update due today (12/09)

Module 8 (13 Dec.)
Topic: Advanced Net Forensics Topics: Deep-Stats and Big-Data-Analytics-based Forensics; Intelligent Forensics; Open Source Tools
Readings Guide/Due: Ch.9 of Rec. Book 1; Ch.1, 2 & 9 of Rec. Book 7; Rec. Articles [A-E]
Assignments Due: Final Slides for Project due by 12/12

Module 9 (16 Dec.)
Final Exam; Final Project Presentation & Uploading of Video

Preparatory Study Materials

[1] On-campus Face-to-Face Session #1

Date: 9/9 between 1 PM and 4 PM ET

Note: Preparatory Reading (to be read prior to attending session #1)

Association for Computing Machinery (1992). ACM Code of Ethics and Professional Conduct. Communications of the ACM, 35(5), pp. 94-99

Anderson, R.E., Johnson, D.G., Gotterbarn, D., & Perrolle, J. (1993). Using the New ACM Code of Ethics in Decision Making. Communications of the ACM, 36(2), pp. 98-107

Hofstede, R., Celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., & Pras, A. (2014). Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX. IEEE Communications Surveys & Tutorials, 16(4), pp. 2037-2064. doi: 10.1109/COMST.2014.2321898

McRee, R. (2013, August). C3CM: Part 1 – Nfsight with Nfdump and Nfsen. ISSA Journal, pp. 29-32

Nehinbe, J. O. (2010). Log Analyzer for Network Forensics and Incident Reporting. In Intelligent Systems, Modelling and Simulation, International Conference on, pp. 356-361

Reith, M., Carr, C., & Gunsch, G. (2002). An Examination of Digital Forensic Models. International Journal of Digital Evidence, 1(3), pp. 1-12

Willson, D. (2013, August). Legal Issues of Cloud Forensics. ISSA Journal, pp. 25-28

[2] On-campus Face-to-Face Session #2

Date: 10/7 between 1 PM and 4 PM ET

Note: Preparatory Reading (to be read prior to attending session #2)

Divyesh, G.D.D. & Nagoor, M.A.R. (2014). Forensic Evidence Collection by Reconstruction of Artifacts in Portable Web Browser. International Journal of Computer Applications, 91(4), pp. 32-35

Dormann, W. & Rafail, J. (2011). Securing your web browser. CERT, Software Engineering Institute, Carnegie Mellon University, pp. 1-18

Dukes, L., Yuan, X., & Akowuah, F. (2013, April). A case study on web application security testing with tools and manual testing. In Southeastcon, 2013 Proceedings of IEEE, pp. 1-6

Tabini, M. (2011). Learn the basics of Web browser security. MacWorld.com, pp. 1-2

Martellaro, J. (2011). The State of Browser Security. The Mac Observer, pp. 1-3

Mylonas, A., Tsalis, N., & Gritzalis, D. (2013). Evaluating the manageability of web browsers controls. In Security and Trust Management, pp. 82-98

Webdevout (2011). Web Browser Security Summary. pp. 1-8

Gugelmann, D., Gasser, F., Ager, B., & Lenders, V. (2015). Hviz: HTTP(S) traffic aggregation and visualization for network forensics. Digital Investigation, 12, S1-S11

[3] On-campus Face-to-Face Session #3

Date: 11/11 between 1 PM and 4 PM ET

Note: Preparatory Reading (to be read prior to attending session #3)

Palomo, E. J., North, J., Elizondo, D., Luque, R. M., & Watson, T. (2012). Application of growing hierarchical SOM for visualisation of network forensics traffic data. Neural Networks, 32, 275-284

Al-Mahrouqi, A., Abdalla, S., & Kechadi, T. (2014, October). Network Forensics Readiness and Security Awareness Framework. In International Conference on Embedded Systems in Telecommunications and Instrumentation (ICESTI 2014), Algeria, October 27-29 2014

Bates, A., Butler, K., Haeberlen, A., Sherr, M., & Zhou, W. (2014, February). Let SDN be your eyes: Secure forensics in data center networks. In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT'14)

Paglierani, J., Mabey, M., & Ahn, G. J. (2013, October). Towards comprehensive and collaborative forensics on email evidence. In Collaborative Computing: Networking, Applications and Worksharing, 9th International Conference on, 11-20

Guo, H., Jin, B., & Qian, W. (2013, April). Analysis of Email Header for Forensics Purpose. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on, 340-344

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43

Shah, J. J., & Malik, L. G. (2013, December). Cloud Forensics: Issues and Challenges. In Emerging Trends in Engineering and Technology (ICETET), 6th International Conference on, 138-139. IEEE

Shah, J. J., & Malik, L. G. (2014, February). An approach towards digital forensic framework for cloud. In Advance Computing Conference (IACC), 2014 IEEE International, 798-801. IEEE

Bhatt, P., Toshiro Yano, E., & Gustavsson, P. M. (2014, April). Towards a Framework to Detect Multi-stage Advanced Persistent Threats Attacks. In Service Oriented System Engineering (SOSE), 8th International Symposium on, 390-395. IEEE

De Vries, J., Hoogstraaten, H., van den Berg, J., & Daskapan, S. (2012, December). Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis. In Cyber Security (CyberSecurity), International Conference on, 54-61. IEEE

Virvilis, N., Gritzalis, D., & Apostolopoulos, T. (2013, December). Trusted Computing vs. Advanced Persistent Threats: Can a defender win this game? In Ubiquitous Intelligence and Computing, 10th International Conference on and 10th International Conference on Autonomic and Trusted Computing, 396-403. IEEE


[4] On-campus Face-to-Face Session #4

Date: 12/9 between 1 PM and 4 PM ET (may change to 6-9 PM ET)

Note: Preparatory Reading (to be read prior to attending session #4)

Rani, D. R., & Geethakumari, G. (2015, January). An efficient approach to forensic investigation in cloud using VM snapshots. In Pervasive Computing (ICPC), 2015 International Conference on (pp. 1-5). IEEE

Morioka, E., & Sharbaf, M. S. (2015, April). Cloud Computing: Digital Forensic Solutions. In Information Technology-New Generations (ITNG), 2015 12th International Conference on (pp. 589-594). IEEE

Kadivar, M. (2014). Cyber-Attack Attributes. Technology Innovation Management Review, 4(11)

Maheux, B. (2014). Assessing the Intentions and Timing of Malware. Technology Innovation Management Review, 4(11)

Paverd, A., Martin, A., & Brown, I. (2014). Security and Privacy in Smart Grid Demand Response Systems. In Smart Grid Security (pp. 1-15). Springer International Publishing

Kumar, V., Oikonomou, G., Tryfonas, T., Page, D., & Phillips, I. (2014). Digital investigations for IPv6-based Wireless Sensor Networks. Digital Investigation, 11, S66-S75

Chen, S., Zeng, K., & Mohapatra, P. (2014). Efficient data capturing for network forensics in cognitive radio networks. Networking, IEEE/ACM Transactions on, 22(6), 1988-2000

[5] On-campus Face-to-Face Session #5

Date: 12/16 between 1 PM and 4 PM ET

Note: Final Exam, and Final Presentation of Project

Final version of Project Slides Due, and Video Upload


Additional Resources

Open Source PCAP and Other Files/Videos

There are many open source PCAP files, as can be found by searching (e.g., at https://duckduckgo.com/) with "PCAP files for forensic experiments." Here is a preliminary list of URLs and video clips that you may find useful.

PCAP files at Sourceforge.net: https://sourceforge.net/directory/os:windows/?q=pcap

Publicly available PCAP files: https://www.netresec.com/?page=PcapFiles

Evidence files for practicing examination in your laptop: https://lmgsecurity.com/nf

Files for Malware traffic analysis exercises: http://www.malware-traffic-analysis.net/training-exercises.html

PCAP Wiki site: https://en.wikipedia.org/wiki/Pcap

Files from Computer Forensics Education Research: https://digitalcorpora.org/

Installing BitCurator as a VM using VirtualBox: https://www.youtube.com/watch?v=ttfLavXwpj8

BitCurator: Using Bulk Extractor to Locate Potentially Sensitive Information: https://www.youtube.com/watch?v=mWMzwo4kWDc

Intercept Personally Identifiable Information (PII) with NSi Autostore's Data Filter: https://www.youtube.com/watch?v=-T8Ufxb_5Qs

A Sample of Network Forensics Tools

TCPdump: http://www.tcpdump.org/

Wireshark/Ethereal: https://www.wireshark.org/

NetFlow: https://en.wikipedia.org/wiki/NetFlow

sFlow: https://en.wikipedia.org/wiki/SFlow

IP Flow Information Export (IPFIX): https://en.wikipedia.org/wiki/IP_Flow_Information_Export

Network Forensics Tools: http://www.forensicswiki.org/wiki/Tools:Network_Forensics

DNS Tools: http://www.dnsstuff.com/

DHCP Server Audit Tools: https://www.manageengine.com/

Security Tools for IPv6: https://github.com/toperaproject/topera#topera-project-page


Digital Forensics Tools: http://www.digitalforensicsassociation.org/opensource-tools/

Popular Forensics Tools: http://resources.infosecinstitute.com/computer-forensics-tools/

Forensic Investigations-Tools/Hacks: https://www.youtube.com/watch?v=68f-VAV89QQ

Digital Forensics Tool Testing: http://dftt.sourceforge.net/

Student Conduct Responsibilities

Notice of Criminal, Civil, and Administrative Responsibility

The legal and authorized use of the materials, software, applications, processes, techniques or services described in this course, presented in written or verbal form, is the sole responsibility and liability of the individual student. The course instructor and Boston University assume no liability for any damages resulting from unauthorized use of the knowledge gained by student(s) from material covered in this course.

The content and use of the course materials, software, applications, processes, techniques or services described in presentation materials or conveyed verbally by the course instructor may be limited or restricted by federal, state or local criminal and/or civil laws or by the acceptable use policies of corporations, businesses or organizations.

It is the responsibility of the student to ensure that they do not perform any action, process or technique that could violate any criminal, civil or administrative laws, regulations and/or policies.

There shall be no liability on the part of the course instructor for any loss or damage, direct or consequential, arising from the use of this information or from any action by student(s) that is determined to be in violation of any federal, state and/or local civil or criminal law, or for violation of any administrative regulation, policy or acceptable use policy that results in prosecution, or any loss, including termination of employment, forfeiture, restitution or fines.

Student enrollment in this course will constitute an agreement to the aforementioned terms and conditions of student responsibilities and liabilities.