Interesting idea but unless it was given profiles such as "Fraud" or "IP Theft" for example it might not be very coherent for analysis I think. It would also need a lot of "Filler" actions such as visiting google, gambling / sporting sites or the like. Everything it does would have to be scripted wouldn't it? The only randomness could be the times / order at which it does it…
Well, not only/not everything.
Remember it is just a semi-random idea, so everything is possible in theory.
One sets up a "spare" machine (or runs a VM in the background)
A "randomizer" program accesses a page from (say) a google search for a given "seed" search term(s).
It analyzes its contents and uses some of them to generate further searches/pages visited.
It samples some of these results and makes some text files, .doc/docx's and some xls/xlsx's (and protects some of them with one of the "random" passwords/texts found on the previous searches).
There are a number of "generators" for any kind of text, given a seed and programs capable of having a conversation.
As an example one I personally like is the Scientific paper generator )
http//
to such a level of credibility that more than one of them have also been accepted in a real conference (by mistake obviously).
As well there are pseudo AI programs capable of making a chat or the like (example)
http//
And making two of them talk between them is not an entirely new idea
http//
Then one could script just the "incriminating" part, with profiles like you mentioned "Fraud", "IP theft", etc.
The show stopper might be the time needed to create an image, I mean, if we use an Internet time synchronized PC or VM, it will take three months to make a three months history, which may not be a particular issue if spare machines are used.
The alternative of setting a date (in the past) in the BIOS (and *somehow* the OS is prevented from synchronizing with Internet time) and - say - have the thingy work one hour then reboot and skip to next day would provide an "accelerated" time which would be fine for everything related to filesystem dates/times, but that won't work for anything "online".
For sites one could use - to a certain extent - the Wayback Machine, but the issue would arise (as an example) with mail messages.
jaclaz
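An added example, not part of any post in this thread: a minimal Python sketch of the planning layer discussed above, mixing random "filler" actions with a scripted profile across simulated days of one session each. The action names, profile contents and parameters are hypothetical; the seeded generator makes the plan reproducible, so the returned list doubles as the ground-truth record for whoever later examines the test image.

```python
import random
from datetime import datetime, timedelta

# Hypothetical action pools; the names are illustrative only.
FILLER = ["web_search", "visit_news_site", "visit_sports_site",
          "write_text_file", "write_spreadsheet"]
PROFILES = {
    "Fraud": ["create_invoice_doc", "edit_ledger_xlsx", "password_protect_doc"],
    "IP Theft": ["copy_design_docs", "archive_folder", "password_protect_doc"],
}


def build_timeline(profile, start, days, seed, per_day=6, scripted_ratio=0.2):
    """Plan one session of under an hour per simulated day.

    Returns a chronologically ordered list of dicts (when, action, scripted).
    'scripted' marks profile actions, so the planted evidence can be told
    apart from filler when the image is graded.
    """
    if profile not in PROFILES:
        raise ValueError(f"unknown profile: {profile!r}")
    rng = random.Random(seed)  # same seed -> same plan -> reproducible image
    timeline = []
    for day in range(days):
        # Each session starts at a random hour of that simulated day.
        session_start = start + timedelta(days=day, hours=rng.randint(8, 18))
        # Distinct second offsets inside the hour, in chronological order.
        for offset in sorted(rng.sample(range(3600), per_day)):
            scripted = rng.random() < scripted_ratio
            pool = PROFILES[profile] if scripted else FILLER
            timeline.append({
                "when": session_start + timedelta(seconds=offset),
                "action": rng.choice(pool),
                "scripted": scripted,
            })
    return timeline


if __name__ == "__main__":
    # Constructed start date and seed, chosen only for the demonstration.
    for event in build_timeline("Fraud", datetime(2012, 1, 9), days=3, seed=7):
        tag = "PROFILE" if event["scripted"] else "filler"
        print(event["when"].isoformat(), tag, event["action"])
```
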
Okay let's forget about the fact of the person having to create an image from scratch as like everyone has mentioned then this would take a great deal of time. And focus on somebody handling a test image and perhaps adding a few pieces of evidence themselves or changing around some file signatures? Then I would just need someone who can act as the client and give me this evidence along with a list of requirements and perhaps a fabricated scenario to go along with it.
From what has been discussed here would nobody be interested in being involved with this? It's my education here guys :)
EDIT: There are some test images at uni that are very big in depth and size and which we do our lab exercises on. I have access to these and they could be an option, but I feel that it would be more beneficial for me and my project having something totally third party and not linked to my university studies as it would be more of a challenge.
Google around, there are already test images with accompanying questions which are exactly what you need.
I think you missed my point a little. The idea of my project is that it relates to a real life scenario of a piece of evidence being seized and then analysed, say for instance cases that happen day to day within the police force. And as I mentioned, if I have a so called 'client' the project is much more realistic, therefore I cannot use just a list of questions from a webpage and have no interaction with the person who set those questions.
I got your point, I'm just trying to gently let you know that I think you are being unrealistic in your expectations :)
These forums are a great source of information and advice, and there are some guys here with a scary amount of knowledge so you will always get good advice here.
But I just don't think you will find someone willing to do what you are wanting, partly because of the time involved and partly because you are asking someone else to take control of your learning and be responsible for some of the outcome. I know you aren't actually asking that, but the end result is what this will be.
I wish you luck but I suspect you are going to have to do it yourself, or go back to your professor/lecturer and ask them to do what you need. After all, you are paying them to educate you, not us 😉
Where can we download test images ?
Where can we download test images ?
Who are the "we"?
Which test images?
jaclaz
Have you actually run this idea for your 'project' through with your tutor/professor?
The reason I ask is that what you are basically suggesting is 'doing a case' for a few hours a week is going to be the equivalent of three modules worth of work. Notwithstanding the various points others have raised here, I would suggest you may want to reconsider your approach.
The Leeds Metropolitan University website pages for the Computer Forensics course define the project module as:
Production Project
The culmination of your study - this is an opportunity to research, develop and evaluate a product, ideally for an external client, using the skills you have learnt.
http://courses.leedsmet.ac.uk/computerforensics
Based on that definition, I'm not sure your idea really fits.
There are regular posts on this forum about software/hardware that users are encountering looking for solutions to help, perhaps choose one of those as a basis for your project?
I agree with what the others have said, but reading through the thread makes me think a better project might be developing a methodology/tools to help automate the production of forensic 'test' images.
Thanks for all the feedback guys, I'm going to change my project idea then. The methodology of test images sounds interesting and there is an obvious lack of this within the forensic community judging by your senior responses, would you guys think this would be a good project to undertake or I have read recent articles like iPhone to access point and cyber bullying do you think these would be a more viable option, or any interesting suggestions would be welcomed. I need to decide finally by tomorrow but thanks again for the feedback chaps.
I have read recent articles like iPhone to access point and cyber bullying do you think these would be a more viable option, or any interesting suggestions would be welcomed
Cannot say about iPhones and access points, but cyberbullying (besides the foolishness of the use of "cyber") seems to me like the usual senseless "news and newspapers" periodical trend, for whatever reason, this topic is "cool" and is brought at the attention of the public over and over.
But essentially, when it comes to the strictly forensic investigation, it revolves around:
- finding traces/evidence of sent e-mails/messages/tweets/etc. and page/profiles/whatever accesses
- finding traces/evidence of having attempted to use proxies, anonymizers or *whatever* to assume someone else's identity or to attempt to avoid being traced
i.e. nothing really much different from what you would be looking for in (say) a case of stalking or fraud or even of libel/defamation.
And I believe that stalking and fraud cases are much more common (and possibly more complex) than cyberbullying ones, so I would see a research in those cases as pretty much limited and/or of little use.
Additionally - and I may well be wrong on this ? - it seems to me like - at least the ones I have seen in the news are all about "kids" (actually kids or with the mental age of kids), BTW, JFYI
http://www.forensicfocus.com/Forums/viewtopic/t=10932/
and I doubt that from a technical point of view suspects of such activity will use particularly sophisticated techniques.
jaclaz