Difference between pages "Category:Vendor" and "Research Topics"

From Forensics Wiki
(Difference between pages)
Line 1: Line 1:
[[Category:Organizations]]
+
; Research Ideas
  
The Norcross Group
 
  
http://www.norcrossgroup.com
 
  
Norcross Group is the most trusted, most secure, most cost-efficient means to locate critical information that supports lawsuits, subpoena compliance and internal investigations. We find what you need, whether in digital or paper format, including erased or damaged media.
+
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
  
Comprehensive Digital Discovery Support Services –
+
==Disk Forensics==
Norcross Group provides a full range of paper and electronic discovery services for litigation support and subpoena compliance, including complex digital forensics, all in accord with the recent Electronically Stored Information (ESI) amendment to the Federal Rules of Civil Procedure.
+
===Stream Forensics===
 +
Process the entire disk with one pass, or at most two, to minimize seek time.
  
Trusted, Secure, Discrete –
+
===Evidence Falsification===
Norcross Group’s staff is deeply experienced as expert witnesses, including extensive backgrounds in federal law enforcement. In addition, we have served as special masters for impartial investigations and testimony for litigation, mediation and arbitration. Our security data handling procedures document chain-of-custody and ensure that confidential information remains private.
+
Automatically detect falsified digital evidence.
  
Improves Overall Information Management Processes –
+
===Sanitization===
Norcross Group’s deep knowledge of digital investigation and discovery helps organizations simplify and streamline the retrieval and retention of critical information. We understand how legal, IT and daily business processes interact. As a result, we are uniquely positioned to help law firms learn how to comply with the Electronically Stored Information (ESI) amendment to the Federal Rules of Civil Procedure, as well as help businesses efficiently handle a wide variety of legal and regulatory compliance requirements.
+
Detect and diagnose sanitization attempts.
 +
 
 +
 
 +
===[[AFF]] Enhancement===
 +
* Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
 +
 
 +
* Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
 +
 
 +
* Improve the data recovery features of aimage.
 +
 
 +
* Replace AFF's current table-of-contents system with one based on B+ Trees.
 +
 
 +
==Carving==
 +
===JPEG Validator===
 +
Create a JPEG decompresser that supports restarts and checkpointing for use in high-speed carving.  
 +
 
 +
 
 +
==Cell Phone Exploitation==
 +
===Imaging===
 +
Develop a tool for imaging the contents of a cell phone memory
 +
===Interpretation===
 +
* Develop a tool for reassembling information in a cell phone memory
 +
 
 +
 
 +
==Corpora Development==
 +
===Realistic Disk Corpora===
 +
There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
 +
 
 +
These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
 +
 
 +
===Realistic Network Traffic===
 +
Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
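
Review bot: the added item under "===Imaging===" is a bare sentence with no bullet and no closing period, while the matching item under "===Interpretation===" is a "*" bullet; use one form for both. In the "===JPEG Validator===" line, "decompresser" should read "decompressor". The opening line "; Research Ideas" uses definition-list markup, whereas every other heading added here uses "==" markup, so a regular heading (or relying on the page title) would be more consistent.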

Revision as of 12:52, 11 November 2008

Research Ideas


Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.

Disk Forensics

Stream Forensics

Process the entire disk with one pass, or at most two, to minimize seek time.

Evidence Falsification

Automatically detect falsified digital evidence.

Sanitization

Detect and diagnose sanitization attempts.


AFF Enhancement

  • Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
  • Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
  • Improve the data recovery features of aimage.
  • Replace AFF's current table-of-contents system with one based on B+ Trees.

Carving

JPEG Validator

Create a JPEG decompressor that supports restarts and checkpointing for use in high-speed carving.


Cell Phone Exploitation

Imaging

Develop a tool for imaging the contents of a cell phone's memory.

Interpretation

  • Develop a tool for reassembling information in a cell phone's memory.


Corpora Development

Realistic Disk Corpora

There is a need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).

These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of wear; that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.

Realistic Network Traffic

Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
