Hi Guys,
I have been thinking long and hard about a final year project topic that I could do. To no avail, I could not think of a project topic so I decided to browse the forums here when I came across a post about investigating the vulnerability of data on hard drives.
So, I decided to stick to this Idea and try to take it further and this is what I have come up with
I am going to purchase/scrounge some hard drives and analyse them to see how easy it is to retrieve users information such as cookies, usernames, passwords etc and include this in a report showing the vulnerability of the data.
After I have finished analyzing the drives, I would then use the results to inform some research questions which I would then ask the general public.
I'd then go on to find different methods that could be used to ensure that the data on these hard drives is not retrievable/recoverable (I read on a forensic websites that they can do secure drive wiping/destruction). Im also assuming that there are possibly other methods?
–
I was wondering whether anyone here has any further ideas that I could use in my project to make it more interesting and gain more academic credit.
Also, Is there anything that could potentially get me in trouble for doing this project (seeing as Im looking at other peoples hard drives)?
Im just alittle worried that the project (as it is now) would not be worth 270 hours of work.
Thank you in advance for any help
I would think your main problem would be getting your proposal through your University's ethics committee. The idea of scrounged equipment for examination was something that was refused for several of my former fellow students, instead it was insisted that brand new discs were bought, and an OS installed and artefacts, such as cookie,s created under controlled circumstances, before the projects got ethical approval. You would also likely need ethical approval for the questionnaire you plan, but that should not be a problem provided you make answers anonymous.
The one thing that bothers me is that there is no element of new research, although this is not really a requirement for undergraduate projects. Having said that, new research, or proposing new methods will likely score you good marks!
Don't forget that the credit weighting influences the time spent on your project, and that everything you do, including research, practical work, and even the writing up of the results (and the final dissertation) counts towards the time requirement. You will probably create more questions for yourself to answer as you go along (I certainly did!), some of which you won't be able to answer, so don't focus too much on the time component. An extended project/dissertation will often raise more questions than it answers, and that is no bad thing!
Hope this helps
Ben
Thanks for the reply Ben
Unfortunately, my project was refused on the basis that it was unchallenging, mechanical and repetitive. Needs to be worth 270 hours and explainable too otherwise it gets rejected.
Im now in the situation where I have no other ideas that pop into my head atm, I have searched the forums for possible ideas to no avail and my proposal deadline is in very soon.
Im getting desperate for some kind of hope in terms of a project idea that is challenging enough.
Im pretty much useless at programming so that is definitely out of the question. So im leaning towards a research project where I can do experiments and I dont mind doing questionnaires to ask the public. I've also done a module on databases in case that fuels something…
Im quite interested in digital piracy, but a students project report was posted on our university website as an example from last year so I dont think i can do that..
Doesn't have to be directly forensic related but would be preferable for better credit.
If anyone has any ideas… it would be massively appreciated
thanks,
Laura
Could you connect a secured computer to the Internet for X amount of time, and then an insecure computer for the same amount of time and determine which one was compromised and write a report on the forensic differences between the two?
Edit I don't have a degree in CF, so take this suggestion for what it's worth…
Thanks for the Suggestion Audio…
However, I dont think its complex enough to be accepted as a final year project.
It'd just be looking at artefact's created ( or simply a before and after shot ) and I did something similar for an assignment last year.
Thanks anyway though
What about an analysis of how the various SSD manufacturers handle wear-leveling, how data is written, etc.?
Thank you for your suggestion BitHead, that sounds interesting, I will certainatly have a look into this.
Any other suggestions are welcome in the mean time
Any other ideas sparking from anyone?
I just finished my MSc a few weeks ago and I recommended a few areas of work based on my findings…
Briefly they are…
1. taking my findings one step further, i found that pagefile.sys file and temporary internet files folder contains information from private browsing but what I did not do was investigate the effects of different scenarios as well as a detailed inspection of the evidence such as what the file contains and how long does it last, its meant to only last 20 hours (dont remember the exact time) and be removed when the computer shuts down but this was not the case. There is also a file concerned with hibernation that i didn't look at that potentially will store evidence.
2. My project focused on the evidence traces of private browsing from internet explorer but the other versions of private browsing such as firefox and chrome have not been investigated. The problem here however is the lack of literature but I noticed in the last few months more is being produced in this area. Also i think that chrome and fire fox forensic methodology is not as well defined and IE
3. The last thing i recommend was the other types of forensic analysis, I focused on file system analysis but what about network and ram analysis. Network analysis is interesting because private browsers only protect you by not storing information on the computer (Supposedly) and ram analysis is interesting because private browsers supposedly store all of the data in the ram and not on the hard drive.
Just a few areas I believe are currently relevant and i was not able to complete on my project.