ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Research Topics

From ForensicsWiki
Revision as of 03:24, 3 November 2008 by Simsong (Talk | contribs) (Hard Problems)

Jump to: navigation, search
Research Ideas

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.


Hard Problems

  • Stream Based Disk Forensics. Process the entire disk with one pass, or at most two, to minimize seek time.
  • Determine the device that created an image or video without metadata. (fingerprinting digital cameras)
  • Automatically detect falsified digital evidence.
  • Use the location of where data resides on a computer as a way of inferring information about the computer's past.
  • Detect and diagnose sanitization attempts.

Tool Development

AFF Enhancement

  • Evaluation of the AFF data page size. What is the optimal page size for compressed forensic work?
  • Replacement of the AFF "BADFLAG" approach for indicating bad data with a bitmap.
  • Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
  • Improve the data recovery features of aimage.
  • Replace AFF's current table-of-contents system with one based on B+ Trees.

Decoders and Validators

  • A JPEG decompresser that supports restarts and checkpointing for use in high-speed carving. It would also be useful it the JPEG decompressor didn't actually decompress --- all it needs to do is to verify the huffman table.

Cell Phones

Open source tools for:

  • Imaging the contents of a cell phone memory
  • Reassembling information in a cell phone memory


Corpora Development

Realistic Corpora

  • Simulated disk imags
  • Simulated network traffic

Real Data

  • Digital Cameras
  • Cell phones
  • USB Memory Sticks below the logical layer.