Difference between pages "DC3 Digital Forensics Challenge" and "Research Topics"
From Forensics Wiki
m (→Flash Memory) |
|||
| Line 1: | Line 1: | ||
| − | + | ; Research Ideas | |
| − | + | Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas. | |
| − | |||
| − | |||
| − | == | + | =Hard Problems= |
| + | * Stream Based Disk Forensics. Process the entire disk with one pass, or at most two, to minimize seek time. | ||
| + | * Determine the device that created an image or video without metadata. (fingerprinting digital cameras) | ||
| + | * Automatically detect falsified digital evidence. | ||
| + | * Use the location of where data resides on a computer as a way of inferring information about the computer's past. | ||
| + | * Detect and diagnose sanitization attempts. | ||
| + | * Recover overwritten data. | ||
| − | === | + | =Tool Development= |
| + | ==[[AFF]] Enhancement== | ||
| + | * Evaluation of the AFF data page size. What is the optimal page size for compressed forensic work? | ||
| + | * Replacement of the AFF "BADFLAG" approach for indicating bad data with a bitmap. | ||
| + | * Modify aimage so that it can take a partial disk image and a disk and just image what's missing. | ||
| + | * Improve the data recovery features of aimage. | ||
| + | * Replace AFF's current table-of-contents system with one based on B+ Trees. | ||
| − | == | + | ==Decoders and Validators== |
| + | * A JPEG decompresser that supports restarts and checkpointing for use in high-speed carving. It would also be useful it the JPEG decompressor didn't actually decompress --- all it needs to do is to verify the huffman table. | ||
| − | == | + | ==Cell Phones== |
| − | + | Open source tools for: | |
| + | * Imaging the contents of a cell phone memory | ||
| + | * Reassembling information in a cell phone memory | ||
| − | |||
| − | |||
| − | |||
| − | === | + | =Corpora Development= |
| − | + | ==Realistic Corpora== | |
| − | + | * Simulated disk imags | |
| − | + | * Simulated network traffic | |
| − | + | ==Real Data== | |
| − | + | * Digital Cameras | |
| − | + | * Cell phones | |
| − | + | * USB Memory Sticks ''below'' the logical layer. | |
| − | + | ||
| − | == | + | |
| − | + | ||
| − | * | + | |
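Review bot: two added lines carry typos that will land in the rendered page. In the Decoders and Validators item, "useful it the JPEG decompressor" should read "useful if the", "decompresser" at the start of the same item should be spelled "decompressor" to match, and "huffman" should be capitalized as "Huffman". Under Realistic Corpora, "Simulated disk imags" should be "Simulated disk images". Separately, the new top-level sections use single "=" headings, which render at page-title level; starting at "==" and demoting the subsections one level would follow the usual MediaWiki heading convention.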
Revision as of 22:24, 2 November 2008
- Research Ideas
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
Hard Problems
- Stream Based Disk Forensics. Process the entire disk with one pass, or at most two, to minimize seek time.
- Determine the device that created an image or video without metadata. (fingerprinting digital cameras)
- Automatically detect falsified digital evidence.
- Use the location of where data resides on a computer as a way of inferring information about the computer's past.
- Detect and diagnose sanitization attempts.
- Recover overwritten data.
Tool Development
AFF Enhancement
- Evaluation of the AFF data page size. What is the optimal page size for compressed forensic work?
- Replacement of the AFF "BADFLAG" approach for indicating bad data with a bitmap.
- Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
- Improve the data recovery features of aimage.
- Replace AFF's current table-of-contents system with one based on B+ Trees.
Decoders and Validators
- A JPEG decompressor that supports restarts and checkpointing for use in high-speed carving. It would also be useful if the JPEG decompressor didn't actually decompress; all it needs to do is verify the Huffman table.
Cell Phones
Open source tools for:
- Imaging the contents of a cell phone memory
- Reassembling information in a cell phone memory
Corpora Development
Realistic Corpora
- Simulated disk images
- Simulated network traffic
Real Data
- Digital Cameras
- Cell phones
- USB Memory Sticks below the logical layer.