Summer Programming Ideas

(@nizmon)

I now have 3 months off for summer before my last year doing computer forensics, I want to do a project over the summer with some programming and need some ideas.

I would like to write a piece of forensics software that would be useful to the community, does anyone have any original ideas of what might be useful?

I will be using Java, but I can integrate it into a web-based program as I know PHP, XHTML etc.

Thanks for your help in advance!


   
(@joeltharas)
 

I now have 3 months off for summer before my last year doing computer forensics, I want to do a project over the summer with some programming and need some ideas.

I would like to write a piece of forensics software that would be useful to the community, does anyone have any original ideas of what might be useful?

I will be using Java, but I can integrate it into a web-based program as I know PHP, XHTML etc.

Thanks for your help in advance!

Hi Nizmon!

Try this website: www.codeproject.com/

There are a number of great examples of projects that you can undertake.
The projects are in a variety of programming languages.

Myself I will be doing my Final Year Project in the next academic year.
I found the site very helpful.

Good Luck!

Joel,


   
(@Anonymous 6593)
 

I would like to write a piece of forensics software that would be useful to the community, does anyone have any original ideas of what might be useful?

* Here's one idea – tool validation support: how does a forensic analyst validate a tool comprehensively? Rarely, if at all, it seems. I've mainly thought around file system browser tools, but the idea should be applicable to other types.

For file system browser validation, it seems to be a question of a) creating a master description of the content of the file system, b) creating test file system images from that master description, c) passing those images to the tool being validated, d) extracting a description of the interpreted information through the tool, and outputting it as a new master description. Now, if the two description files are identical, everything is fine. If not, there's a problem to be investigated. Of course, the original description file needs to be created 'with hostile intent' for best effect: illegal time stamps, file names with NULs in them, and whatnot.

File systems can be pretty big things, though, so some smaller area seems advisable for a 3-month project: image files (TIFF?), Windows registry files, disk partition structures, … The important point is that there must be a tool from which it is possible to extract a full 'dump' which can then be transformed back into the master description file format – plain GUI tools won't help here. I think the chances to find those are best in the Unix world – perhaps something close to Sleuthkit?

The goal is to be able to do these tests more or less automatically.

* Here's another idea: an MBR identifier: given an MBR sector dump, identify the source of it, and any interesting facts about it. (For instance, MBRs of whole disk encryption products seem to be sufficiently unique to identify the product, and that may go for several of the various boot manager products as well. And there are MBRs out there that have five partition slots – NEC PC98.) Just being able to say that the MBR of the examined drive is not one produced by the standard platform tools would be a help.

Could perhaps be done as a file(1) pattern add-on, even if that means a minimum of programming.

Not sure if your choice of Java makes these ideas extra difficult or impossible.


   
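A minimal sketch of the MBR identifier idea from the last post, as an added example that is not part of the thread or any poster's code: it fingerprints the boot-code area of a 512-byte sector dump, looks the hash up in a table, and flags structural oddities. It assumes the classic four-slot layout (so not the five-slot case mentioned above), and `SAMPLE`, `KNOWN`, `build_sample` and the loader name are constructed placeholders, not data from any real product.

```python
import hashlib
import struct

SECTOR, CODE_END, TABLE_OFF, SIG_OFF = 512, 440, 446, 510  # classic MBR offsets
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count

def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector dump into the fields an identifier keys on."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, TABLE_OFF + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_sig_ok": sector[SIG_OFF:] == b"\x55\xaa",
        # Hash only bytes 0..439 so the disk signature and table do not alter it.
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
    }

def identify(sector: bytes, known: dict) -> dict:
    """Name the boot code if its hash is known and list structural oddities."""
    info = parse_mbr(sector)
    notes = []
    if not info["boot_sig_ok"]:
        notes.append("missing 0x55AA boot signature")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            notes.append(f"slot {p['slot']}: invalid status 0x{p['status']:02x}")
    source = known.get(info["code_sha256"], "unknown")
    if source == "unknown":
        notes.append("boot code not in known-hash table")
    return {"source": source, "notes": notes, **info}

def build_sample(code: bytes, entries=()) -> bytes:
    """Constructed test sector: boot code, partition entries, boot signature."""
    sec = bytearray(SECTOR)
    sec[:len(code)] = code
    for slot, fields in enumerate(entries):
        struct.pack_into(ENTRY, sec, TABLE_OFF + 16 * slot, *fields)
    sec[SIG_OFF:] = b"\x55\xaa"
    return bytes(sec)

# Constructed data: placeholder "boot code" and a one-entry known-hash table.
SAMPLE = build_sample(b"CONSTRUCTED-LOADER", [(0x80, 0x07, 2048, 204800)])
KNOWN = {parse_mbr(SAMPLE)["code_sha256"]: "constructed reference loader"}
```

A real table would be filled from reference sectors written by the standard platform tools; an "unknown" result then gives the "not produced by the standard tools" answer the post asks for.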