Difference between pages "Research Topics" and "DEFT Linux 2"

From ForensicsWiki
(Difference between pages)
Redirect page
(Redirected page to DEFT Linux)
 
Line 1: Line 1:
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
+
#REDIRECT [[DEFT Linux]]
 
+
==Disk Forensics==
+
===Stream Forensics===
+
Process the entire disk with one pass, or at most two, to minimize seek time. 
+
 
+
===Evidence Falsification===
+
Automatically detect falsified digital evidence.
+
 
+
===Sanitization===
+
Detect and diagnose sanitization attempts.
+
 
+
 
+
===[[AFF]] Enhancement===
+
* Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
+
 
+
* Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
+
 
+
* Improve the data recovery features of aimage.
+
 
+
* Replace AFF's current table-of-contents system with one based on B+ Trees.
+
 
+
==Carving==
+
===JPEG Validator===
+
Create a JPEG decompresser that supports restarts and checkpointing for use in high-speed carving.
+
 
+
 
+
==Cell Phone Exploitation==
+
===Imaging===
+
Develop a tool for imaging the contents of a cell phone memory
+
===Interpretation===
+
* Develop a tool for reassembling information in a cell phone memory
+
 
+
 
+
==Corpora Development==
+
===Realistic Disk Corpora===
+
There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
+
 
+
These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
+
 
+
===Realistic Network Traffic===
+
Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
+
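Review bot: the Realistic Network Traffic entry at the end of this change describes recording interactions within a test network or with an external network, but unlike the Realistic Disk Corpora entry just above it, it does not say whether the captured traffic has to be freely redistributable and free of confidential PII. Suggest stating the same redistribution and PII requirement for the traffic corpus, since recordings that involve an external network can capture third-party data. Smaller style point: "Develop a tool for imaging the contents of a cell phone memory" is missing its closing period, and the Interpretation entry is a one-item bullet list where the neighbouring entries are plain sentences.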

Latest revision as of 03:25, 18 September 2009