Forensic Student - ...
 
Notifications
Clear all

Forensic Student - In need of sponsor/client  

Page 1 / 3
  RSS
M1chael.
(@m1chael)
New Member

Hello there and thank you for accepting me into your forum, first off a little about me i am currently studying computer forensics at Leeds Metropolitan university. I have just gone into my final year and upon doing various forensic modules i need to do a final year project which takes up 3 of the final 8 as i'm sure many of you will know if you have been to uni.

The teachers have been very open with what we can do in relation to our project and after doing a little brainstorming i have came up with my own idea, they mentioned that if you can actually undertake a client for a real world project then this is beneficial as to gaining extra marks rather than just doing a piece of research on a subject relating to forensics.

My idea is that i'm looking for somebody to take me on as a 'client' who has a good knowledge in relation to computer forensics and if possible criminal investigation background. But most of all somebody who has the time to invest into me, id say perhaps possibly 1/2 hours a week now then 2/3 after Christmas time, this is just a rough estimate and may not be the case but i want someone who will be as interested in this as myself.

So basically i would need said 'sponsor' to create an evidence image of anything, laptop/hdd/mobile that has say been seized in a criminal investigation. And then set a series of targets and goals that i would need to achieve by examining this piece of evidence. Sort of like if i was an employee of a forensics company and the boss gave me a job.

I hope this is making sense so far, and doesn't sound too far fetched i am currently educated to a moderate level with eNcase and ftk Imager but still have a lot yet to learn, however i would really like to learn a new set of software skills and believe this will help my project in the research stages and widen my current range of skills. Possibly some forensic software mac related.

Please post any questions or ideas about this i look forward to hearing from you. Thanks for taking time to read this.

Quote
Posted : 23/09/2013 5:49 pm
jaclaz
(@jaclaz)
Community Legend

So basically i would need said 'sponsor' to create an evidence image of anything, laptop/hdd/mobile that has say been seized in a criminal investigation.

That seems to me like a "show-stopper".

I mean, I presume that noone will ever make a "real case" exit their premises, as doing so would be IMHO a rather serious violation of any number of Laws related to privacy and/or non-disclosure of reserved data, and particularly if the case is a criminal one. ?

The issue is "generic", there are "public" images for these scopes, see
http//www.forensicfocus.com/images-and-challenges

but the risk with those may be that they are *somehow* "fabricated".

As well, let's say that a close friend (or relative) gives you the authorization to image/scan one of their devices.

What if - through examination - you find evidence of a crime, or even learn about something far less serious, like someone cheating on his/her partner or having a (never disclosed before) obsession for - say - popcorn bathing? 😯

I believe you have hit the nail right on the head, there is a difficulty for a future investigator to work on "real" cases.

…. but let's see what the pro's established in the UK think on the matter…
… it is well possible that through some form of NdA this is possible…. ?

jaclaz

ReplyQuote
Posted : 23/09/2013 8:48 pm
minime2k9
(@minime2k9)
Active Member

I'm with Jaclaz on this.

As a current UK Forensic Investigator in a Police force, I can say with some certainty that we would not allow a live or even an old case to leave our control, without some sort of court order and a Memorandum of Undertaking, especially as a large proportion of our jobs involve IIC.

That said, I know some forces and companies do take on students for GAP years, maybe you could approach one about working for them for a period of time and undertaking work, although they would probably want you doing jobs like imaging etc which wouldn't really fill the criteria to your project. This would mainly be as any work you do could easily be criticized in court for your lack of qualifications and experience.

The challenges jaclaz mentioned seem like a good idea or another possibility would be data recovery work, but again not sure if that would meet your criteria.

On another note it does seem odd that the University would want you to do a project in that manner, as the kind of job you would get would usually be simple. I would have thought some research would have been better use of your time.

ReplyQuote
Posted : 24/09/2013 1:05 pm
Chris_Ed
(@chris_ed)
Active Member

As a current UK Police Investigator, I can say with some certainty that we would not allow a live case to leave our control, without some sort of court order and a Memorandum of Undertaking, especially as a large proportion of our jobs involve IIC.

Just to divert the thread slightly, if I may when you say "Court Order" do you mean written order which needs to be shown / faxed to you before you release material? Do you require this for all defense expert work?

By all means PM me if you think it's de-railing the topic too much, but I would be super interested in your response. Thanks.

ReplyQuote
Posted : 24/09/2013 1:12 pm
Adam10541
(@adam10541)
Senior Member

The way I read his request he is wanting someone to "create a case" for him, rather than use an existing one.

As Jaclaz pointed out there are plenty of test images already available on the internet. Having attempted to create a test image myself once for a junior I can say it's not as easy to get the desired effect as you might think, and to put together something meaningful with all the needed elements would be quite time consuming.

I very much doubt you will find a working professional with the time up their sleeve to do this, but I could be wrong )

ReplyQuote
Posted : 24/09/2013 1:56 pm
M1chael.
(@m1chael)
New Member

Yes sorry i think i may have been misleading, i do not want any previous criminal cases or anything that is real this is all hypothetical. A test image sounds great but the person would need to have a little knowledge with the image to set me a series of questions. A piece of research would be somewhat boring i feel as apposed to this approach would mean i learn new skills and also meet the clients targets and goals ultimately giving my personal opinion of the case.

As well as being interesting to do and ultimately more marks.

I think i may have over estimated the time i would need from this person. Perhaps 1-2 hours initially then maybe 30 mins to an hour every two weeks.

Thanks again. Any other input or ideas are welcome.

EDIT* And the reason i mentioned criminal was that i am thinking i want to try and take the role of somebody tasked with analyzing a piece of evidence in an investigation and following the orders of a senior person I.e A Remit of instructions. Adhering to Chain of custody and ACPO guidelines etc.

ReplyQuote
Posted : 24/09/2013 6:41 pm
jhup
 jhup
(@jhup)
Community Legend

How about firing up a VM and load all the stuff on it you want? This is how I create the images I teach with…

ReplyQuote
Posted : 24/09/2013 9:28 pm
jaclaz
(@jaclaz)
Community Legend

How about firing up a VM and load all the stuff on it you want? This is how I create the images I teach with…

But traces leading to
http//i.imgur.com/nAgQ7.jpg
won't be there wink , it will still be a "controlled" and somehow "fabricated" environment.
You will actually know beforehand what you put into it, which programs you ran, which sites you visited, etc., etc., a "perfect" teaching/learning support, but not something in which anything can literally be "discovered", it will be exactly as varied as you wish it to be, will not have a (say) three year old file deleted and by miracle surviving a defrag, etc., a good, but necessarily "limited" simulation of the "real thing".

Seriously, there must be some way to create "random" use in a VM ? a sort of automated user that runs a number of programs, visits sites, downloads things, etc., even the available forensics images tend (obviously) to be a bit outdated, if not his could be a brand new idea idea for a research project, and surely it would be useful for practice to a number of students/inexperienced practitioners. ?

jaclaz

ReplyQuote
Posted : 24/09/2013 10:55 pm
Adam10541
(@adam10541)
Senior Member

I think i may have over estimated the time i would need from this person. Perhaps 1-2 hours initially then maybe 30 mins to an hour every two weeks.

You have actually drastically underestimated the amount of time this would take. To create a test image, then populate that image with say internet history, search terms, deleted files and various trace evidence, then to create a 'scenario' and come up with the pertinent questions for you would take quite a few hours. Not to mention that the person who created the image would first have to undertake the analysis themselves to confirm that the image actually does contain all the relevant data as needed.

I'm quite serious that what you are asking is a very large time commitment, even someone who is experienced and regularly creates these types of images for students I suspect would take longer than 2 hours.

Google around, there are already test images with accompanying questions which are exactly what you need.

ReplyQuote
Posted : 25/09/2013 7:51 am
Percontor
(@percontor)
New Member

Hi there,

As Jaclaz mentioned there are challenges out there which also provide a guide as to what you should be searching for however they also provide the answers so I'm not sure how valuable they will be as an assessment peice.

I enjoyed these two challenges

http//www.cfreds.nist.gov/dfrws/Rhino_Hunt.html

http//www.cfreds.nist.gov/Hacking_Case.html

Seriously, there must be some way to create "random" use in a VM a sort of automated user that runs a number of programs, visits sites, downloads things, etc.,

Interesting idea but unless it was given profiles such as "Fraud" or "IP Theft" for example it might not be very coherrent for analysis I think. It would also need alot "Filler" actions such as visiting google, gambling / sporting sites or the like. Everything it does would have to be scripted wouldn't it? The only randomness could be the times / order at which it does it…

ReplyQuote
Posted : 25/09/2013 11:26 am
jaclaz
(@jaclaz)
Community Legend

Interesting idea but unless it was given profiles such as "Fraud" or "IP Theft" for example it might not be very coherrent for analysis I think. It would also need alot "Filler" actions such as visiting google, gambling / sporting sites or the like. Everything it does would have to be scripted wouldn't it? The only randomness could be the times / order at which it does it…

Well, not only/not everything.
Remember it is just a semi-random idea, so everything is possible in theory.

One sets up a "spare" machine (or runs a VM in the background)
A "randomizer" program accesses a page from (say) a google search for a given "seed" search term(s).
It analyzes it's contents and uses some of them to generate further searchs/pages visited.
It samples some of these results and makes some text files, .doc/docx's and some xls/xlsx's (and protects some of them with one of the "random" passwords/texts found on the previous searches.
There are a number of "generators" for any kind of text, given a seed and programs capable of having a conversation.
As an example one I personally like is the Scientific paper generator )
http//pdos.csail.mit.edu/scigen/
to such a level of credibility that more than one of them have also been accepted in a real conference (by mistake obviously).
As well there are pseudo AI programs capable to make a chat or the like (example)
http//www.jabberwacky.com/
And making two of them talk between them is not an entirely new idea
http//spectrum.ieee.org/automaton/robotics/artificial-intelligence/chatbot-tries-to-talk-to-itself-things-get-weird
Then one could script just the "imcriminating" part, with profiles like you mentioned "Fraud", "Ip theft", etc.

The show stopper might be the time needed to create an image, I mean, if we use a Internet time synchronized PC or VM, it will take three months to make a three months history, which may not be a particular issue if spare machines are used.
The alternative of setting a date (in the past) in the BIOS (and *somehow* the OS is prevented from synchronizing with Internet time) and - say - have the thingy work one hour then reboot and skip to next day would provide an "accelerated" time which would be fine for everything related to filesystem dates/times, but that won't work for anything "online".
For sites one could use - to a certain extent - the Wayback Machine, but the issue would raise (as an example) with mail messages.

jaclaz

ReplyQuote
Posted : 25/09/2013 2:41 pm
M1chael.
(@m1chael)
New Member

Okay lets forget about the fact of the person having to create an image from scratch as like everyone has mentioned then this would take a great deal of time. And focus on somebody handling a test image and perhaps adding a few pieces of evidence themselves or changing around some file signatures? Then i would just need someone who can act as the client and give me this evidence along with a list of requirements and perhaps a fabricated scenario to go along with it.

From what has been discussed here would nobody be interested in being involved with this. Its my education here guys )

EDIT There are some test images at uni that are very big in depth and size and which we do our lab exercises on i have access to these and they could be an option, i feel that it would be more beneficial for me and my project having something totally third party and not linked to my university studies as it would be more of a challenge.

ReplyQuote
Posted : 30/09/2013 7:12 pm
M1chael.
(@m1chael)
New Member

Google around, there are already test images with accompanying questions which are exactly what you need.

I think you missed my point a little the idea of my project is that it relates to a real life scenario of a piece of evidence being seized and then analysed say for instance cases that happen day to day within the police force. And as i mentioned if i have a so called 'client' the project is much more realistic therefore i can not use just a list of questions from a webpage and have no interaction with the person who set those questions.

ReplyQuote
Posted : 30/09/2013 7:19 pm
Adam10541
(@adam10541)
Senior Member

I got your point, I'm just trying to gently let you know that I think you are being unrealistic in your expectations )

These forums are a great source of information and advice, and there are some guys here with a scary amount of knowledge so you will always get good advice here.

But I just don't think you will find someone willing to do what you are wanting, partly because of the time involved and partly because you are asking someone else to take control of your learning and be responsible for some of the outcome. I know you aren't actually asking that, but the end result is what this will be.

I wish you luck but I suspect you are going to have to do it yourself, or go back to your professor/lecturer and ask them to do what you need. After all, you are paying them to educate you, not us 😉

ReplyQuote
Posted : 01/10/2013 7:41 am
cvsmkiran
(@cvsmkiran)
New Member

Where can we download test images ?

ReplyQuote
Posted : 01/10/2013 9:12 am
Page 1 / 3
Share: