Difference between pages "Research Topics" and "Darik's Boot and Nuke"

From ForensicsWiki
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.

==Research Projects==
 
===Flash Forensics===
 
Flash storage devices offer opportunities for recovering information by going beneath the logical layer that users and most operating systems see: the flash translation layer keeps copies of blocks that the logical view reports as deleted or overwritten.
 
* Access the physical layer of SD cards and/or USB flash devices. Reverse-engineer the Flash Translation Layer to find deleted data and files.
 
''Necessary skills: social engineering the flash vendors; kernel programming; reverse-engineering.''
 
==Stream Forensics==
 
* Process the entire disk with one pass, or at most two, to minimize seek time. 
 
==Evidence Falsification==
 
* Automatically detect falsified digital evidence.
 
==Sanitization==
 
* Detect and diagnose sanitization attempts.
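
The two items above, a single-pass scan and the detection of sanitization, as an added example that is not part of the original page: the script below reads a constructed disk image exactly once, hashes it and, in the same read, maps runs of blocks that carry the residue of an overwrite pattern (all-zero, all-0xFF, constant byte, or near-maximal entropy). The block size, the entropy threshold, the minimum run length and the sample image are this example's own assumptions.

```python
import hashlib
import io
import math

BLOCK = 4096  # classify at cluster size: byte-entropy estimates on 512-byte sectors are too noisy


def shannon_entropy(buf):
    """Bits per byte of buf's empirical byte distribution, 0.0 to 8.0."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(block):
    """Label a block by the overwrite residue it could be: a single repeated
    byte (zero/ones/const), near-maximal entropy (random), or anything else (data)."""
    first = block[:1]
    if block == first * len(block):
        return {b"\x00": "zero", b"\xff": "ones"}.get(first, "const")
    if shannon_entropy(block) > 7.8:  # uniform random bytes score about 7.95 at 4 KiB
        return "random"
    return "data"


def scan(stream):
    """One sequential pass: hash the whole image and build the region map in
    the same read. Returns (sha256 hex, [(start, end, label), ...]) where
    regions are maximal runs of identically labelled blocks; nothing is re-read."""
    digest = hashlib.sha256()
    regions = []
    offset = 0
    while True:
        block = stream.read(BLOCK)
        if not block:
            break
        digest.update(block)
        label = classify(block)
        end = offset + len(block)
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], end, label)
        else:
            regions.append((offset, end, label))
        offset = end
    return digest.hexdigest(), regions


def diagnose(regions, min_run=16 * BLOCK):
    """Report runs long enough to be a deliberate overwrite rather than file
    slack. Only the last pass of a multi-pass wipe is on the platter, so the
    residue identifies a pattern family, never a pass count or a tool."""
    names = {"zero": "zero fill (quick erase style)",
             "ones": "0xFF fill",
             "const": "constant-byte fill",
             "random": "random/PRNG stream (or encrypted or compressed data)"}
    total = regions[-1][1] if regions else 0
    findings = []
    for start, end, label in regions:
        if label == "data" or end - start < min_run:
            continue
        scope = "whole-device" if (start == 0 and end == total) else "partial"
        findings.append(f"{scope} {names[label]}: bytes {start}-{end}")
    return findings


def sample_image():
    """Constructed image (not real evidence): 8 blocks of text, 32 zeroed
    blocks, 16 blocks of pseudo-random bytes, 4 more blocks of text."""
    text = (b"Q3 budget memo: headcount frozen. " * 2000)[:8 * BLOCK]
    zeros = b"\x00" * (32 * BLOCK)
    noise = b"".join(hashlib.sha256(b"noise%d" % i).digest() for i in range(16 * BLOCK // 32))
    tail = (b"INVOICE 0042 paid in full\n" * 1000)[:4 * BLOCK]
    return text + zeros + noise + tail


def demo():
    """Scan the constructed image; returns (digest, regions, findings)."""
    digest, regions = scan(io.BytesIO(sample_image()))
    return digest, regions, diagnose(regions)
```

The region map is the diagnostic product: a zero run that starts at offset 0 and covers the whole device points to a whole-disk tool, isolated runs inside a live file system point to a file-level wiper, and a high-entropy run is ambiguous until the scan also checks whether it sits under a known encrypted or compressed container.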

==Programming Projects==

===SleuthKit Enhancements===

[[SleuthKit]] is the popular open-source system for forensics and data recovery.

* Add support for a new file system:
** The [[YAFFS2]] [[flash file system]]. (YAFFS2 is currently used on the Google G1 phone.)
** The [[JFFS2]] [[flash file system]]. (JFFS2 is currently used on the One Laptop Per Child laptop.)
** [[exFAT]], Microsoft's new FAT-derived file system.
* Enhance support for an existing file system:
** EXT4
** Add support for NTFS encrypted files.
** Report the physical location on disk of compressed files.
* Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK. (I've already started on this if you want the code.)

''Necessary skills: C programming and filesystem familiarity.''

===fiwalk Enhancements===

* Rewrite the metadata extraction system.
* Extend [[fiwalk]] to report the NTFS "inodes."

==Timeline Analysis==

Write a new timeline viewer that supports:
* Logfile fusion (with offsets)
* Logfile correlation
* View logfiles in the frequency domain.

==Online Social Network Analysis==

* Find and download in a forensically secure manner all of the information in a social network (e.g. Facebook, LinkedIn, etc.) associated with a targeted individual.
* Determine who is searching for a targeted individual. This might be done with a honeypot, or documents with a tracking device in them, or some kind of covert Facebook App.

==Cell Phone Exploitation==

===Imaging===

* Image the contents of a cell phone's physical memory using the JTAG interface.

===Interpretation===

* Develop a tool for reassembling information in a cell phone memory image.

==Corpora Development==

===Realistic Disk Corpora===

There is a need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).

These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.

From DFRWS 2005:

Frank Adelstein (ATC-NY), Yun Gao and Golden G. Richard III (University of New Orleans): Automatically Creating Realistic Targets for Digital Forensics Investigation http://www.dfrws.org/2005/program.shtml

===Realistic Network Traffic===

Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.

Revision as of 12:39, 3 August 2007


DBAN
Maintainer: Darik Horn
OS:
Genre: Secure deletion
License:
Website: dban.sf.net


Darik's Boot and Nuke (DBAN) is a disk image from which a bootable CD, DVD, floppy or USB device can be made that securely wipes the hard disks of most computers. DBAN supports all 32-bit x86 machines, with beta builds for Cisco routers and for the SPARC, PowerPC and HP PA-RISC architectures. DBAN is bundled with Eraser. Like any overwrite-based tool it can only sanitize sectors the drive will actually rewrite in place: sectors the firmware has remapped, hidden areas such as an HPA, and flash media behind a translation layer may retain data after a completed wipe, so a wiped drive should be verified rather than assumed clean.

Wipe Methods

  • Quick Erase
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • American DoD 5220.22-M Standard Wipe
  • Gutmann Wipe
  • PRNG Stream Wipe
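
The pass structure behind the methods listed above, as an added example that is not DBAN's own code: each method is a table of passes, a pass either tiles a fixed byte pattern or writes a seeded pseudo-random stream, and a verify read regenerates what the pass should have written and compares. The pass tables (a single zero pass for Quick Erase, the three-pass reading of DoD 5220.22-M as a byte, its complement and random data, and a configurable number of random passes for the PRNG stream), the chunk size and the in-memory "device" are this example's assumptions; the Gutmann 35-pass table is not reproduced.

```python
import hashlib
import io
import os

CHUNK = 64 * 1024  # big sequential writes: each pass is one sweep of the device, no seeking back


def prng_chunk(seed, offset, n):
    """Bytes [offset, offset+n) of a deterministic stream: SHA-256 in counter
    mode keyed by the per-pass seed. Regenerating the stream is what lets the
    verify pass check a random pass without keeping a copy of the device."""
    ctr, skip = divmod(offset, 32)
    out = bytearray()
    while len(out) < skip + n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[skip:skip + n])


def pattern_chunk(pattern, offset, n):
    """Tile a fixed pattern so it stays phase-aligned across chunk boundaries."""
    start = offset % len(pattern)
    return (pattern * (n // len(pattern) + 2))[start:start + n]


def expected(spec, offset, n):
    """What the pass described by spec should have written at offset."""
    if "seed" in spec:
        return prng_chunk(spec["seed"], offset, n)
    return pattern_chunk(spec["pattern"], offset, n)


def run_pass(dev, size, spec):
    """Write one pass over dev, then read the whole device back and compare.
    Returns True if every byte matches. On a real block device the verify read
    must bypass the page cache (O_DIRECT, or fsync and drop caches), and even
    a clean verify says nothing about sectors the firmware has remapped."""
    dev.seek(0)
    for off in range(0, size, CHUNK):
        dev.write(expected(spec, off, min(CHUNK, size - off)))
    dev.flush()
    dev.seek(0)
    for off in range(0, size, CHUNK):
        n = min(CHUNK, size - off)
        if dev.read(n) != expected(spec, off, n):
            return False
    return True


def method_passes(name, rounds=1):
    """Pass tables assumed for this example (not copied from DBAN):
    quick = one zero pass; dod3 = the three-pass reading of DoD 5220.22-M
    (a byte, its complement, random); prng = `rounds` passes of random data."""
    if name == "quick":
        return [{"pattern": b"\x00"}]
    if name == "dod3":
        return [{"pattern": b"\x00"}, {"pattern": b"\xff"}, {"seed": os.urandom(16)}]
    if name == "prng":
        return [{"seed": os.urandom(16)} for _ in range(rounds)]
    raise ValueError(f"unknown method {name!r}")


def wipe(dev, size, name, rounds=1):
    """Run every pass of the named method with verification; one bool per pass."""
    return [run_pass(dev, size, spec) for spec in method_passes(name, rounds)]


def demo(name="dod3"):
    """Constructed 'device': an in-memory image holding a recognisable secret.
    Returns the per-pass verify results and whether the secret survived."""
    payload = (b"PAYROLL-2007: acct 4411 " * 5000)[:100_003]  # odd size: last chunk is partial
    dev = io.BytesIO(payload)
    results = wipe(dev, len(payload), name)
    image = dev.getvalue()
    return {"passes": results, "leaked": b"PAYROLL" in image,
            "size": len(image), "final_is_zero": image == b"\x00" * len(image)}
```

Note that only the final pass is ever observable afterwards: after `dod3` the device holds random bytes, after `quick` it holds zeros, which is why the residue of a wipe identifies a pattern family rather than how many passes were made.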


External Links

  • Official website: http://dban.sourceforge.net/
  • Support Forum: http://sourceforge.net/forum/forum.php?forum_id=208932