Raspberry Pi Dissertation

L_F123
(@l_f123)
New Member

Hi All,

This is my first post here on the forum, so a small bit of background. I am a final year Computer Forensic student who has just started on the dissertation for my final year.

The topic I will be undertaking is to use an SBC such as a Pi in order to aid with a forensic investigation.

My idea for this topic is to create a portable & simple-to-use device primarily aimed at small labs. The devices will be used to triage USB devices, e.g. memory sticks (probably), and compare the contents against a known set of files. If the stick contains any of the known files then they will be flagged and can be analysed further.

My question is, has anyone out there ever used a device like a Pi for anything forensic related, or does anyone have any comments that can be used in order for me to gauge an audience or to include as part of my initial research?

Thanks

Luke

Topic starter Posted : 03/10/2017 4:19 pm
jhup
(@jhup)
Community Legend

If you look at several portable (luggable) forensic devices, they have SoC with some embedded OS.
Disk duplicators, cell phone collecting devices, and many more work this way.

A RasPi solution would be acceptable. Caveat - the RasPi is truly for prototyping, not for production. A more fine-tuned system would be less costly and most likely faster than a generalist solution.

Posted : 03/10/2017 5:41 pm
C.R.S.
(@c-r-s)
Active Member

The topic I will be undertaking is to use an SBC such as a Pi in order to aid with a forensic investigation.

Consider a system which has SATA support, so you can image to a sufficient amount of storage.

Performance of these computers is very low, of course, and in most cases resides in the GPU. Maybe you can get a reasonable hash rate to hash the image or create a file set (xml/csv) for each image, if you implement an algorithm on the GPU.

Posted : 03/10/2017 10:15 pm
L_F123
(@l_f123)
New Member

Thank you all for the posts. I have looked further into the project and have found a couple of SBCs which may be more suited to the project, the first being the ODroid XU4 with its USB 3 ports or the Banana Pi M2 Ultra/M3.

I have decided to create a simple tool which will compare the files on a device, e.g. HDD, USB, possibly mobiles (need to do additional research).

Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?

Any other considerations anyone could add would be a great help.

Thanks in advance,

Luke

Topic starter Posted : 08/11/2017 1:49 pm
athulin
(@athulin)
Community Legend

Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?

You can download a large set of hashes from

https://www.nist.gov/itl/ssd/software-quality-group/nsrl-download/current-rds-hash-sets

However, … managing large hash collections may lead you away from your primary goal; it may be easier to stick to a small sample set that you create yourself, say, from a default Linux or FreeBSD installation.

Posted : 08/11/2017 3:58 pm
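
The triage idea discussed in this thread, as an added example that is not code from any of the posters: it builds the known set from a reference directory you create yourself and flags files on a mounted device whose hashes match. SHA-256, the function names and the size pre-filter (files whose size is not in the known set are never hashed, which saves time on a slow board) are assumptions of this example, as is the device being mounted read-only.

```python
import hashlib
import os
import sys


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so memory use stays flat on a small SBC."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def regular_files(root):  # regular files only; symlinks and device nodes skipped
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path


def build_known_set(reference_dir):
    """Map file size -> {sha256: reference path} for a self-made sample set."""
    known = {}
    for path in regular_files(reference_dir):
        known.setdefault(os.path.getsize(path), {})[sha256_file(path)] = path
    return known


def triage(mount_point, known):
    """Return (hits, errors); only files whose size is in the known set are hashed."""
    hits, errors = [], []
    for path in regular_files(mount_point):
        try:
            candidates = known.get(os.path.getsize(path))
            if candidates:
                digest = sha256_file(path)
                if digest in candidates:
                    hits.append((path, digest, candidates[digest]))
        except OSError as exc:  # unreadable or vanished file: record it, keep going
            errors.append((path, str(exc)))
    return sorted(hits), errors


if __name__ == "__main__":  # usage: triage.py <reference_dir> <read_only_mount>
    found, failed = triage(sys.argv[2], build_known_set(sys.argv[1]))
    for path, digest, ref in found:
        print(f"FLAGGED {path} sha256={digest} matches {ref}")
    print(f"{len(failed)} file(s) could not be read", file=sys.stderr)
```

Matching is by content only, so a known file that has been renamed on the device is still flagged, while a file altered by even one byte is not.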