- Research Ideas
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
- Stream Based Disk Forensics.
- Process the entire disk with one pass, or at most two, to minimize seek time.
- Automatically detect falsified digital evidence.
- Detect and diagnose sanitization attempts.
- Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
- Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
- Improve the data recovery features of aimage.
- Replace AFF's current table-of-contents system with one based on B+ Trees.
Decoders and Validators
- Create a JPEG decompressor that supports restarts and checkpointing for use in high-speed carving.
Develop source tools for:
- Imaging the contents of a cell phone memory
- Reassembling information in a cell phone memory
There is a need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
Specifically there is a need for:
- Realistic disk images
- These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of wear --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
- Realistic network traffic
- Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
- Digital Cameras
- Cell phones
- USB Memory Sticks below the logical layer.