| Line 1: |
Line 1: |
| − | Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
| + | YAFFS is Yet Another Flash File System, a flash file system for Linux used on many small devices. |
| | | | |
| − | ==Research Projects== | + | ==See Also== |
| − | ===Flash Forensics===
| + | * [[Setting up a Flash Emulator]] |
| − | Flash storage devices offer opportunities for recovering information that is not visible by going beneath the logical layer visible to users and most operating systems.
| + | * http://www.ebdev.com/EOS/YAFFS-FileSystem.pdf - The Linux MTD, YAFFS Howto |
| − | * Access the physical layer of SD cards and/or USB flash devices. Reverse-engineer the Flash Translation Layer to find deleted data and files. | + | * http://www.yaffs.net/howto-incorporate-yaffs - How to incorporate YAFFS as a root fs on Linux |
| − | ''Necessary skills: social engineering the flash vendors; kernel programming; reverse-engineering.''
| + | |
| − | ==Stream Forensics==
| + | |
| − | * Process the entire disk with one pass, or at most two, to minimize seek time.
| + | |
| − | ==Evidence Falsification==
| + | |
| − | * Automatically detect falsified digital evidence.
| + | |
| − | ==Sanitization==
| + | |
| − | * Detect and diagnose sanitization attempts.
| + | |
| − | | + | |
| − | ==Programming Projects==
| + | |
| − | ===SleuthKit Enhancements===
| + | |
| − | [[SleuthKit]] is the popular open-source system for forensics and data recovery. | + | |
| − | * Add support for a new file system:
| + | |
| − | ** The [[YAFFS2]] [[flash file system]]. (YAFFS2 is currently used on the Google G1 phone.)
| + | |
| − | ** The [[JFFS2]] [[flash file system]]. (JFFS2 is currently used on the One Laptop Per Child laptop.) | + | |
| − | ** [[XFAT]], Microsoft's new FAT file system.
| + | |
| − | * Enhance support for an existing file system:
| + | |
| − | ** EXT4
| + | |
| − | ** Add support for NTFS encrypted files.
| + | |
| − | ** Report the physical location on disk of compressed files.
| + | |
| − | * Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK. (I've already started on this if you want the code.)
| + | |
| − | ''Necessary skills: C programming and filesystem familiarity.''
| + | |
| − | ===fiwalk Enhancements===
| + | |
| − | * Rewrite the metadata extraction system.
| + | |
| − | * Extend [[fiwalk]] to report the NTFS "inodes."
| + | |
| − | | + | |
| − | ==Timeline Analysis==
| + | |
| − | Write a new timeline viewer that supports:
| + | |
| − | * Logfile fusion (with offsets)
| + | |
| − | * Logfile correlation
| + | |
| − | * View logfiles in the frequency domain.
| + | |
| − | | + | |
| − | ==Online Social Network Analysis==
| + | |
| − | * Find and download in a forensically secure manner all of the information in a social network (e.g. Facebook, LinkedIn, etc.) associated with a targeted individual.
| + | |
| − | * Determine who is searching for a targeted individual. This might be done with a honeypot, or documents with a tracking device in them, or some kind of covert Facebook App. | + | |
| − | | + | |
| − | ==Cell Phone Exploitation==
| + | |
| − | ===Imaging===
| + | |
| − | * Image the contents of a cell phone physical memory using the JTAG interface.
| + | |
| − | ===Interpretation===
| + | |
| − | * Develop a tool for reassembling information in a cell phone memory
| + | |
| − | | + | |
| − | ==Corpora Development==
| + | |
| − | ===Realistic Disk Corpora===
| + | |
| − | There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
| + | |
| − | | + | |
| − | These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
| + | |
| − | | + | |
| − | From DFRWS 2005
| + | |
| − | Frank Adelstein (ATC-NY), Yun Gao and Golden G. Richard III (University of New Orleans): Automatically Creating Realistic Targets for Digital Forensics Investigation http://www.dfrws.org/2005/program.shtml
| + | |
| − | | + | |
| − | ===Realistic Network Traffic===
| + | |
| − | Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
| + | |
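Review bot: The whole research-ideas list (Flash Forensics, SleuthKit and fiwalk enhancements, Timeline Analysis, Corpora Development, Realistic Network Traffic) is deleted and replaced by a single YAFFS sentence plus three links, which reads like a page overwrite rather than an edit of this page; if the list was moved elsewhere, the new revision should link to where it now lives so those projects stay reachable. The replacement text also loses the one concrete detail the removed lines had about this file system, namely that [[YAFFS2]] is the version in use on the Google G1 phone; the new body should at least link [[YAFFS2]] and say how it relates to YAFFS rather than only "used on many small devices".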
YAFFS is Yet Another Flash File System, a flash file system for Linux used on many small devices.