Hi everyone.
I really need some help to brainstorm possible topics for my PhD in Computer Forensics. Generally I would do this sort of brainstorming in person with other practitioners in this field, but unfortunately, in South Africa, experienced computer forensic practitioners are few and far between, and as such I extend by request to my fellow practitioners in cyberspace.
Those of you who has done research degrees know how frustrating and sometimes difficult it is to come up with a decent research topic.
I am also sure that there are other people in the same predicament as I am in, whether it is research for a Masters or PhD. So, maybe all of us practitioners can think of topics that we would like to see researched and post them here….
As the list of possible research topics grows, hopefully more relevant research can be done for the computer forensics community.
Thanks in advance for the help.
If you really want to benefit the forensic community publish a full, clear, concise document about write-blockers.
For instance, explain that in fact an examiner can still write to a device using a write-blocker and demonstrate the type of data that gets written to a device - by way of illustration, AT Command Sets etc
Then show the various devices tested which were and were not able to operate with a write-blocker insitu
- computer
- PDA
- mobile telephone
- pager
- memory devcies
- SIM/USIM
- etc
Just an idea…
I have no idea how technical the research would need to be. However having just done a Mac, looking into the cache.db and creating an automated reconstructor would certainly be usedful for those doing the Safari history. It appears to store a wealth of information in an SQLite database format. And the most useful tool i found for interpreting it (Safari forensic tools) resulted in that cache being exported as a number of files into a single directory, sequentially numbered, of which the images appeared often scrambled (manually extracted when opened in an SQLite database they appear properly).
So in short, it would appear possible to create something that would produce a detailed report from the information in the cache.db - including pictures, times, dates, the webpages themselves, etc, as it all seems to be stored in this cache.
(Guess this is a wishlist as well as a suggestion 😉 )