| Line 1: |
Line 1: |
| − | Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
| + | #REDIRECT [[DEFT Linux]] |
| − | | + | |
| − | ==Disk Forensics==
| + | |
| − | ===Stream Forensics===
| + | |
| − | Process the entire disk with one pass, or at most two, to minimize seek time.
| + | |
| − | | + | |
| − | ===Evidence Falsification===
| + | |
| − | Automatically detect falsified digital evidence.
| + | |
| − | | + | |
| − | ===Sanitization===
| + | |
| − | Detect and diagnose sanitization attempts.
| + | |
| − | | + | |
| − | | + | |
| − | ===[[AFF]] Enhancement===
| + | |
| − | * Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
| + | |
| − | | + | |
| − | * Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
| + | |
| − | | + | |
| − | * Improve the data recovery features of aimage.
| + | |
| − | | + | |
| − | * Replace AFF's current table-of-contents system with one based on B+ Trees.
| + | |
| − | | + | |
| − | ==Carving==
| + | |
| − | ===JPEG Validator===
| + | |
| − | Create a JPEG decompresser that supports restarts and checkpointing for use in high-speed carving.
| + | |
| − | | + | |
| − | | + | |
| − | ==Cell Phone Exploitation==
| + | |
| − | ===Imaging===
| + | |
| − | Develop a tool for imaging the contents of a cell phone memory
| + | |
| − | ===Interpretation===
| + | |
| − | * Develop a tool for reassembling information in a cell phone memory
| + | |
| − | | + | |
| − | | + | |
| − | ==Corpora Development==
| + | |
| − | ===Realistic Disk Corpora===
| + | |
| − | There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).
| + | |
| − | | + | |
| − | These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
| + | |
| − | | + | |
| − | ===Realistic Network Traffic===
| + | |
| − | Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
| + | |
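Review bot: the only added line, `#REDIRECT [[DEFT Linux]]` at line 1, replaces the entire research-topics list (Disk Forensics, Carving, Cell Phone Exploitation, Corpora Development) with a redirect whose target is not mentioned anywhere in the removed text, so every removed section is dropped rather than moved. If the redirect is intended, the list should first be moved to a page of its own and the move noted in the edit summary. If it is not intended, the previous revision should be restored, since nothing in the added lines preserves the removed content.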