Hey team Forensic Focus. I am Ashar, a Master's student in digital forensics. I have been searching for a topic for my master's project and came across your website and found a project topic list as well (http://www.forensicfocus.com/project-ideas).
I wanted to know what will be the project requirements for the 1) "Solid-State Drives (SSDs)" and 2) "application forensics e.g. Gigatribe, Skype (file transfer), Dropbox (the app - not the web app)." How do I proceed for the given topics?
I want to start exploring these topics and I need some guidance from your side. If there is a programming language requirement for these topics, please let me know that as well. It's an urgent thing for me as I plan to graduate next spring.
Thank you,
Ashar
asharneyaz@yahoo.com
Hi Ashar,
There aren't strict requirements - the page is meant to inspire projects. There used to be quite a few posts on FF which were along the lines of "I'm doing a forensics degree - what sort of project can I do?" and this page was built with the idea of providing you with some interesting options.
With regard to proceeding with the specific items:
1) "Solid-State Drives (SSDs)"
As the page says, there is still some work to be done on this area. For example, how efficient is the garbage collecting on these drives? If I download a lot of data, delete it and then switch off the power, in theory the data should stay. But conventional wisdom on SSDs says that it will run garbage collection processes like TRIM and zero any unallocated blocks / clusters - when does this happen? If you leave the SSD powered on for an hour? For an hour with no activity? For two hours? For a handful of minutes? Does it change dependent on the manufacturer? Or the OS?
2) "application forensics e.g. Gigatribe, Skype (file transfer), Dropbox (the app - not the web app)."
This is fairly straightforward; take an application and examine it for artefacts. Internet-based applications tend to be fertile grounds for this.
You can either look at artefacts recovered by suites such as IEF or Belkasoft Evidence Centre and attempt to decode/recover something which neither of them does, or you can take a specific artefact which currently has no open-sourced solution, write something to parse it and then stick it on GitHub :)
There is no programming language requirement, although many open source tools these days are written in either Perl or (increasingly) Python so you might want to look into one of those. Of course, there is no requirement to write something which parses it; you could just stick to the analysis of its behaviour.
Hope this helps. Good luck! And please share the repo if you make something good (or even if you fail in some heroic way!) :)
I would add that the "sphere of interest" and also the "needed tools" are very different for the two topics.
For #1 I would say that the idea is to continue on the steps of the "WEI" paper
https://
See also
https://articles.forensicfocus.com/2012/10/23/why-ssd-drives-destroy-court-evidence-and-what-can-be-done-about-it/
However this topic will require some specialized hardware and buying a certain number of current devices on the market, so you will need a certain budget just for the purchase of the material to be tested.
For #2 it is "pure software" instead (and has no or very little cost), basically you make a new install (let's say a VM), you install to it a chosen program, devise a repeatable, explicit, set of (common and less common) actions within the software's intended usage paradigm, collect and analyze all created artifacts.
If we want, we could say that #1 is at the same time more practical and "hands on" but has as a result something that will be more "theoretical" and "informative" than actually "practical" or "useful" in the real world, whilst the #2 has a higher level of abstraction (creating the test cases), and possibly some added complexities (in the analysis of the artifacts) but the result might (should) be something actually "useful" in the real world, as it could be a tool to gather and analyze artifacts.
As a programming language, I would anyway avoid a programming language 😯 but rather use a scripting one, I would also recommend Python (which has the advantage of being largely cross-platform and running under almost *any* OS) which is at the same time powerful enough and relatively easy to learn.
jaclaz
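The workflow described above for #2 (clean install, a repeatable list of actions, collect what each action created), as an added example that is not part of the original thread or anyone's existing tool. The function names, the file names and the callables standing in for actions are assumptions; in a real test each action is performed by hand in the application between snapshots.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root (relative path) to (size, SHA-256)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                size = os.path.getsize(full)
            except OSError:
                continue  # file locked by the application or removed mid-walk
            state[os.path.relpath(full, root)] = (size, digest.hexdigest())
    return state

def diff(before, after):
    """Paths created, modified and deleted between two snapshots."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "deleted": sorted(set(before) - set(after)),
    }

def run_test_case(root, actions):
    """Run each (label, callable) in order and record the artefact delta per step."""
    results, state = [], snapshot(root)
    for label, action in actions:
        action()
        new_state = snapshot(root)
        results.append((label, diff(state, new_state)))
        state = new_state
    return results

if __name__ == "__main__":
    # Constructed demo: a temp directory stands in for the application's data folder.
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        steps = [("first launch", lambda: write("settings.db", b"v1")),
                 ("send file", lambda: (write("settings.db", b"v2"), write("transfer.log", b"x")))]
        for label, delta in run_test_case(root, steps):
            print(label, delta)
```

Hashing every file catches in-place changes that leave size and timestamps untouched, which is why `modified` compares digests rather than metadata.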
Thanks everyone for the inputs. I will start doing homework on this. :)
Thanks again