|
|
| Line 1: |
Line 1: |
| − | Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
| + | WetStone Technologies sells products and training for computer forensics. These products include: |
| | | | |
| − | ==Disk Forensics==
| + | * [[Gargoyle Investigator]] |
| − | ===SleuthKit Enhancements===
| + | * [[LiveWire Investigator]]. |
| − | * Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK. (I've already started on this if you want the code.) | + | * [[LiveDiscover]] |
| − | * Make SleuthKit handle Encrypted Files. | + | * [[Stego Suite]] |
| − | * Modify SleuthKit to report the physical location on disk of compressed files. | + | |
| | | | |
| − | ===fiwalk Enhancements===
| + | Their training courses include: |
| − | * Automatically
| + | |
| − | ===Stream Forensics===
| + | |
| − | * Process the entire disk with one pass, or at most two, to minimize seek time.
| + | |
| | | | |
| − | ===Evidence Falsification===
| + | * [[Hacking BootCamp for Investigators]] |
| − | * Automatically detect falsified digital evidence. | + | * [[Live Investigator Training]] |
| | + | * [[Steganography Investigator Training]] |
| | | | |
| − | ===Sanitization===
| |
| − | * Detect and diagnose sanitization attempts.
| |
| | | | |
| | + | == External Links == |
| | | | |
| − | ===[[AFF]] Enhancement===
| + | * [http://www.wetstonetech.com/ Official Website] |
| − | * Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
| + | |
| | | | |
| − | * Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
| + | [[Category:Vendor]] |
| − | | + | |
| − | * Improve the data recovery features of aimage.
| + | |
| − | | + | |
| − | * Replace AFF's current table-of-contents system with one based on B+ Trees.
| + | |
| − | | + | |
| − | ==Timeline Analysis==
| + | |
| − | Write a new timeline viewer that supports:
| + | |
| − | * Logfile fusion (with offsets)
| + | |
| − | * Logfile correlation
| + | |
| − | * View logfiles in the frequency domain.
| + | |
| − | | + | |
| − | ==Carving==
| + | |
| − | ===JPEG Validator===
| + | |
| − | Create a JPEG decompresser that supports restarts and checkpointing for use in high-speed carving.
| + | |
| − | | + | |
| − | | + | |
| − | ==Cell Phone Exploitation==
| + | |
| − | ===Imaging===
| + | |
| − | Develop a tool for imaging the contents of a cell phone memory
| + | |
| − | ===Interpretation===
| + | |
| − | * Develop a tool for reassembling information in a cell phone memory
| + | |
| − | | + | |
| − | | + | |
| − | ==Corpora Development==
| + | |
| − | ===Realistic Disk Corpora===
| + | |
| − | There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
| + | |
| − | | + | |
| − | These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
| + | |
| − | | + | |
| − | From DFRWS 2005
| + | |
| − | Frank Adelstein (ATC-NY), Yun Gao and Golden G. Richard III (University of New Orleans): Automatically Creating Realistic Targets for Digital Forensics Investigation http://www.dfrws.org/2005/program.shtml
| + | |
| − | | + | |
| − | ===Realistic Network Traffic===
| + | |
| − | Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
| + | |
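Review bot: The WetStone vendor text on the added side is unrelated to the research-topics list it overwrites (the removed lines from "==Disk Forensics==" through "===Realistic Network Traffic==="), so unless that removal is intended the vendor description belongs on its own page and the list should stay where it is. In the added product list, `* [[LiveWire Investigator]].` ends with a stray period that the other three entries do not have; drop it so the items are formatted alike.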
WetStone Technologies sells products and training for computer forensics. These products include: