Forensic Student - In need of sponsor/client

(@m1chael)
Posts: 6
Active Member
Topic starter
 

Hello there and thank you for accepting me into your forum. First off, a little about me: I am currently studying computer forensics at Leeds Metropolitan University. I have just gone into my final year and, upon doing various forensic modules, I need to do a final year project which takes up 3 of the final 8, as I'm sure many of you will know if you have been to uni.

The teachers have been very open with what we can do in relation to our project and after doing a little brainstorming I have come up with my own idea. They mentioned that if you can actually undertake a client for a real world project then this is beneficial as to gaining extra marks rather than just doing a piece of research on a subject relating to forensics.

My idea is that I'm looking for somebody to take me on as a 'client' who has a good knowledge in relation to computer forensics and if possible criminal investigation background. But most of all somebody who has the time to invest into me, I'd say perhaps possibly 1/2 hours a week now then 2/3 after Christmas time. This is just a rough estimate and may not be the case but I want someone who will be as interested in this as myself.

So basically I would need said 'sponsor' to create an evidence image of anything, laptop/hdd/mobile, that has say been seized in a criminal investigation. And then set a series of targets and goals that I would need to achieve by examining this piece of evidence. Sort of like if I was an employee of a forensics company and the boss gave me a job.

I hope this is making sense so far, and doesn't sound too far fetched. I am currently educated to a moderate level with EnCase and FTK Imager but still have a lot yet to learn; however, I would really like to learn a new set of software skills and believe this will help my project in the research stages and widen my current range of skills. Possibly some forensic software Mac related.

Please post any questions or ideas about this, I look forward to hearing from you. Thanks for taking time to read this.

 
Posted : 23/09/2013 4:49 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

So basically I would need said 'sponsor' to create an evidence image of anything, laptop/hdd/mobile, that has say been seized in a criminal investigation.

That seems to me like a "show-stopper".

I mean, I presume that no one will ever make a "real case" exit their premises, as doing so would be IMHO a rather serious violation of any number of laws related to privacy and/or non-disclosure of reserved data, and particularly if the case is a criminal one.

The issue is "generic", there are "public" images for these scopes, see
http://www.forensicfocus.com/images-and-challenges

but the risk with those may be that they are *somehow* "fabricated".

As well, let's say that a close friend (or relative) gives you the authorization to image/scan one of their devices.

What if - through examination - you find evidence of a crime, or even learn about something far less serious, like someone cheating on his/her partner or having a (never disclosed before) obsession for - say - popcorn bathing? 😯

I believe you have hit the nail right on the head, there is a difficulty for a future investigator to work on "real" cases.

… but let's see what the pros established in the UK think on the matter…
… it is well possible that through some form of NDA this is possible…

jaclaz

 
Posted : 23/09/2013 7:48 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

I'm with Jaclaz on this.

As a current UK Forensic Investigator in a Police force, I can say with some certainty that we would not allow a live or even an old case to leave our control, without some sort of court order and a Memorandum of Undertaking, especially as a large proportion of our jobs involve IIC.

That said, I know some forces and companies do take on students for gap years. Maybe you could approach one about working for them for a period of time and undertaking work, although they would probably want you doing jobs like imaging etc. which wouldn't really fill the criteria for your project. This would mainly be as any work you do could easily be criticized in court for your lack of qualifications and experience.

The challenges jaclaz mentioned seem like a good idea or another possibility would be data recovery work, but again not sure if that would meet your criteria.

On another note it does seem odd that the University would want you to do a project in that manner, as the kind of job you would get would usually be simple. I would have thought some research would have been better use of your time.

 
Posted : 24/09/2013 12:05 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

As a current UK Police Investigator, I can say with some certainty that we would not allow a live case to leave our control, without some sort of court order and a Memorandum of Undertaking, especially as a large proportion of our jobs involve IIC.

Just to divert the thread slightly, if I may: when you say "Court Order", do you mean a written order which needs to be shown / faxed to you before you release material? Do you require this for all defense expert work?

By all means PM me if you think it's de-railing the topic too much, but I would be super interested in your response. Thanks.

 
Posted : 24/09/2013 12:12 pm
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

The way I read his request he is wanting someone to "create a case" for him, rather than use an existing one.

As Jaclaz pointed out there are plenty of test images already available on the internet. Having attempted to create a test image myself once for a junior I can say it's not as easy to get the desired effect as you might think, and to put together something meaningful with all the needed elements would be quite time consuming.

I very much doubt you will find a working professional with the time up their sleeve to do this, but I could be wrong :)

 
Posted : 24/09/2013 12:56 pm
(@m1chael)
Posts: 6
Active Member
Topic starter
 

Yes, sorry, I think I may have been misleading. I do not want any previous criminal cases or anything that is real, this is all hypothetical. A test image sounds great but the person would need to have a little knowledge with the image to set me a series of questions. A piece of research would be somewhat boring I feel, as opposed to this approach, which would mean I learn new skills and also meet the client's targets and goals, ultimately giving my personal opinion of the case.

As well as being interesting to do and ultimately more marks.

I think I may have overestimated the time I would need from this person. Perhaps 1-2 hours initially then maybe 30 mins to an hour every two weeks.

Thanks again. Any other input or ideas are welcome.

EDIT* And the reason I mentioned criminal was that I am thinking I want to try and take the role of somebody tasked with analyzing a piece of evidence in an investigation and following the orders of a senior person, i.e. a remit of instructions. Adhering to chain of custody and ACPO guidelines etc.

 
Posted : 24/09/2013 5:41 pm
jhup
(@jhup)
Posts: 1442
Noble Member
 

How about firing up a VM and load all the stuff on it you want? This is how I create the images I teach with…

 
Posted : 24/09/2013 8:28 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

How about firing up a VM and load all the stuff on it you want? This is how I create the images I teach with…

But traces leading to
http://i.imgur.com/nAgQ7.jpg
won't be there ;), it will still be a "controlled" and somehow "fabricated" environment.
You will actually know beforehand what you put into it, which programs you ran, which sites you visited, etc., etc., a "perfect" teaching/learning support, but not something in which anything can literally be "discovered", it will be exactly as varied as you wish it to be, will not have a (say) three year old file deleted and by miracle surviving a defrag, etc., a good, but necessarily "limited" simulation of the "real thing".

Seriously, there must be some way to create "random" use in a VM, a sort of automated user that runs a number of programs, visits sites, downloads things, etc., even the available forensics images tend (obviously) to be a bit outdated, if not this could be a brand new idea for a research project, and surely it would be useful for practice to a number of students/inexperienced practitioners.

jaclaz

 
Posted : 24/09/2013 9:55 pm
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

I think I may have overestimated the time I would need from this person. Perhaps 1-2 hours initially then maybe 30 mins to an hour every two weeks.

You have actually drastically underestimated the amount of time this would take. To create a test image, then populate that image with say internet history, search terms, deleted files and various trace evidence, then to create a 'scenario' and come up with the pertinent questions for you would take quite a few hours. Not to mention that the person who created the image would first have to undertake the analysis themselves to confirm that the image actually does contain all the relevant data as needed.

I'm quite serious that what you are asking is a very large time commitment, even someone who is experienced and regularly creates these types of images for students I suspect would take longer than 2 hours.

Google around, there are already test images with accompanying questions which are exactly what you need.

 
Posted : 25/09/2013 6:51 am
(@percontor)
Posts: 4
New Member
 

Hi there,

As Jaclaz mentioned, there are challenges out there which also provide a guide as to what you should be searching for; however, they also provide the answers so I'm not sure how valuable they will be as an assessment piece.

I enjoyed these two challenges

http://www.cfreds.nist.gov/dfrws/Rhino_Hunt.html

http://www.cfreds.nist.gov/Hacking_Case.html

Seriously, there must be some way to create "random" use in a VM a sort of automated user that runs a number of programs, visits sites, downloads things, etc.,

Interesting idea but unless it was given profiles such as "Fraud" or "IP Theft" for example it might not be very coherent for analysis I think. It would also need a lot of "Filler" actions such as visiting google, gambling / sporting sites or the like. Everything it does would have to be scripted wouldn't it? The only randomness could be the times / order at which it does it…

 
Posted : 25/09/2013 10:26 am
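
A sketch of the scripted "automated user" idea raised in the posts above, added here as an example and not code from any poster or existing tool: a scenario profile keeps its steps in scripted order, while a seed picks the filler actions and the gaps between them, and the same plan doubles as the answer key. The profile names, action labels and function names are all assumptions, and the plan only describes actions; driving a VM with it is out of scope.

```python
import random
from datetime import datetime, timedelta

# Constructed catalogue: every action label below is illustrative only.
PROFILES = {
    "ip_theft": [
        "search: how to export customer database",
        "copy design_docs.zip to removable drive",
        "attach design_docs.zip in webmail",
        "delete design_docs.zip",
    ],
    "fraud": [
        "open invoice_template.doc",
        "save edited invoice as invoice_1042.pdf",
        "email invoice_1042.pdf to supplier contact",
    ],
}
FILLER = ["visit search engine", "visit sports results site",
          "read news site", "open word processor", "check webmail"]


def build_plan(profile, seed, start, filler_per_step=3, max_gap_min=90):
    """Return [(timestamp, action, is_scenario_step)] for one simulated user.

    Scenario steps keep their scripted order so the story stays coherent;
    the seed decides only which filler runs in between and how long each gap is.
    """
    rng = random.Random(seed)  # fixed seed -> the same plan can be regenerated
    plan, t = [], start
    for step in PROFILES[profile]:
        for action in rng.choices(FILLER, k=filler_per_step):
            t += timedelta(minutes=rng.randint(1, max_gap_min))
            plan.append((t, action, False))
        t += timedelta(minutes=rng.randint(1, max_gap_min))
        plan.append((t, step, True))
    return plan


def answer_key(plan):
    """Ground-truth timeline: only the actions that belong to the scenario."""
    return [(t, action) for t, action, relevant in plan if relevant]


if __name__ == "__main__":
    plan = build_plan("ip_theft", seed=2013, start=datetime(2013, 9, 25, 9, 0))
    for t, action, relevant in plan:
        print(t.isoformat(), "SCENARIO" if relevant else "filler  ", action)
```

Handing the student only the image and keeping the seed and `answer_key` output gives the marker a timeline to check findings against.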