Greetings all,
I'm an MSc Computer Forensics student at the University of Glamorgan; this summer I'll be doing my MSc project.
I've selected my topic area to be "Proactive Forensics" for which I am looking to develop a forensic system with the ability to search for possible clues that may lead to a crime, and report it so the possible crime can be prevented before it can actually occur.
I wonder if there are some of you on this forum who also have research interest in this area, or what do you think of this topic, and any suggestions?
Thank you very much!!
Jessie
Hmm.. That's quite interesting. Were you thinking of something like a web bot, crawling websites and logging possible criminal use? A deep packet inspection model that examines the data people are sending and receiving and checks for possible contraband? Or something more local?
I've selected my topic area to be "Proactive Forensics" for which I am looking to develop a forensic system with the ability to search for possible clues that may lead to a crime, and report it so the possible crime can be prevented before it can actually occur.
Were you inspired by the movie 'Minority Report'? :D Cool idea, though.
One possible area for you to explore would be the problem of people breaking court orders using Twitter and social networks; it's pretty topical in the UK at the moment. Whatever you propose, you'll certainly need to address the implications of such techniques for civil liberties as part of your project.
Re joethomas
At the moment I'm thinking more toward the direction of white collar computer crime prevention and reputation defence in public/private institutions, i.e. orgs with a large number of computers and users. For instance, for a crime like e-fraud, there might be noticeable traces to frequent access to confidential company finance information, midnight logins, or communication logs if more than one person is involved; if these can be detected and administrators warned in advance, a fraud incident could have been prevented. Another example is with a teacher of a school viewing child pornography through the school network; if evidence can be detected in advance and have the teacher fired, the school could prevent going through the trouble of a scandal announced publicly on the media, and all the negative impact it can bring to the reputation of the school.
Re pragmatopian
No, I haven't seen that movie actually, but now I shall watch it to find some inspiration :D
–> Could you please elaborate on what you meant by the problem of people breaking court orders using Twitter and social networks? It does sound like something worth including in my project :))
Thank you both for your replies!! :D
It sounds interesting, but how are you going to differentiate it from normal detection? No matter what tool or technique used, early detection and response will usually lead to preventing further crime.
It sounds interesting, but how are you going to differentiate it from normal detection?
Hi Audio, I'm thinking of incorporating some current searching and detection techniques.. text search for a blacklist of keywords within files.. browsing history.. network packets; porn image detection engine etc. I sorta thought of these from a "reverse engineering" perspective, thinking what evidence can usually be found in what crime and trying to detect it. Do you think it's differentiated enough? :)
Is "proactive forensics", or "proactive forensic science" a contradiction?
It is like pre-soup tasting.
Perhaps you should check out software such as SilentRunner, which monitors computers on a network. There are a few different pieces of software like that which sit on corporate computers, monitoring them silently.
I think the first thing you'd need to do is identify what would comprise your warning signs. If you're looking for fraud and white collar crime this could be quite difficult. I can't think of any signals offhand which might indicate ahead of time that fraud was about to take place.
In the case of the school teacher viewing child porn on a school computer this would be much easier. Scanning for URLs containing certain CP terms or using image analysis software to check if downloaded images are pornography would be possible.
I've selected my topic area to be "Proactive Forensics" for which I am looking to develop a forensic system with the ability to search for possible clues that may lead to a crime, and report it so the possible crime can be prevented before it can actually occur.
What particular crimes are you thinking of? Have you tried to identify them?
I think your subject seems pretty close to that of fraud indicators – those are usually picked up from transaction logs (regardless of transaction type), or 'suspicious behaviour' in general. For example, transactions that suggest someone is testing the system limits, or transactions that are supposed to be done manually, but happen faster than is considered the norm, etc. Multiple failed logins to an Internet gaming account might be an indication that someone is trying to use it illicitly, yet not be a crime in itself.
But that is not forensics – it's security. There need not be any degree of 'openness' in the decision about appropriate action.
So perhaps I misunderstand.
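Added example, not part of any post in this thread: a small detector for three of the indicators raised above (off-hours logins, bursts of failed logins, and "manual" transactions entered faster than a person could type them), run over constructed log lines. The log format, user names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp user event detail
SAMPLE_LOG = """\
2024-03-04T09:12:03 alice login ok
2024-03-04T09:15:40 alice txn manual-entry
2024-03-04T09:19:02 alice txn manual-entry
2024-03-04T14:01:10 carol login fail
2024-03-04T14:01:25 carol login fail
2024-03-04T14:01:41 carol login fail
2024-03-04T14:02:05 carol login fail
2024-03-05T00:47:19 bob login ok
2024-03-05T00:48:00 bob txn manual-entry
2024-03-05T00:48:04 bob txn manual-entry
2024-03-05T00:48:09 bob txn manual-entry
"""

# Assumed thresholds; a real deployment would tune these per organisation.
OFF_HOURS = range(0, 6)                       # 00:00-05:59 local time
MAX_FAILS, FAIL_WINDOW = 3, timedelta(minutes=5)
MIN_MANUAL_GAP = timedelta(seconds=30)        # fastest plausible manual entry

def find_indicators(log_text):
    """Return (user, indicator, timestamp) tuples in log order."""
    alerts = []
    fails = defaultdict(list)   # user -> failed-login times inside the window
    last_txn = {}               # user -> time of previous manual transaction
    for line in log_text.splitlines():
        stamp, user, event, detail = line.split()
        ts = datetime.fromisoformat(stamp)
        if event == "login" and detail == "ok" and ts.hour in OFF_HOURS:
            alerts.append((user, "off-hours login", stamp))
        elif event == "login" and detail == "fail":
            recent = [t for t in fails[user] if ts - t <= FAIL_WINDOW] + [ts]
            fails[user] = recent
            # Alert once, when the burst first exceeds the allowed count.
            if len(recent) == MAX_FAILS + 1:
                alerts.append((user, "repeated failed logins", stamp))
        elif event == "txn" and detail == "manual-entry":
            prev = last_txn.get(user)
            if prev is not None and ts - prev < MIN_MANUAL_GAP:
                alerts.append((user, "manual transactions too fast", stamp))
            last_txn[user] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_indicators(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Each alert is only an indicator for an administrator to review, not proof of wrongdoing; alice's normally paced daytime activity produces none.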