Difference between revisions of "Research Topics"

From ForensicsWiki
m (Flash Memory)
m (Hard Problems)
Line 9: Line 9:
 
* Automatically detect falsified digital evidence.
 
* Automatically detect falsified digital evidence.
 
* Use the location of where data resides on a computer as a way of inferring information about the computer's past.
 
* Use the location of where data resides on a computer as a way of inferring information about the computer's past.
* Detect and diagnose sanitization attempts.
+
* Detect and diagnose sanitization attempts.
* Recover overwritten data.
+
  
 
=Tool Development=
 
=Tool Development=

Revision as of 23:24, 2 November 2008

Research Ideas

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.


Hard Problems

  • Stream Based Disk Forensics. Process the entire disk with one pass, or at most two, to minimize seek time.
  • Determine the device that created an image or video without metadata. (fingerprinting digital cameras)
  • Automatically detect falsified digital evidence.
  • Use the location of where data resides on a computer as a way of inferring information about the computer's past.
  • Detect and diagnose sanitization attempts.

Tool Development

AFF Enhancement

  • Evaluation of the AFF data page size. What is the optimal page size for compressed forensic work?
  • Replacement of the AFF "BADFLAG" approach for indicating bad data with a bitmap.
  • Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
  • Improve the data recovery features of aimage.
  • Replace AFF's current table-of-contents system with one based on B+ Trees.

Decoders and Validators

  • A JPEG decompressor that supports restarts and checkpointing for use in high-speed carving. It would also be useful if the JPEG decompressor didn't actually decompress --- all it needs to do is to verify the Huffman table.

Cell Phones

Open source tools for:

  • Imaging the contents of a cell phone memory
  • Reassembling information in a cell phone memory


Corpora Development

Realistic Corpora

  • Simulated disk images
  • Simulated network traffic

Real Data

  • Digital Cameras
  • Cell phones
  • USB Memory Sticks below the logical layer.