Hi everyone i'm new here so try not to be to hard on me P. I'm currently studying digital forensics at university in my final year. whilst i'm currently pretty happy with how its all coming along i can't help but feel i'd be doing a lot better with some feedback. listed below is an email i sent to the rest of my class for some feedback and i was hoping i could get some off of some vastly more qualified and experienced folk. The question below is mainly revolving around my literature review for the project whilst the step after this is for me to develop a framework/set of tests of anti forensic techniques and use this against 2 mobile forensic vendor's software. the tests will be carried out on 3 mobile OS's (android, Blackberry, OSx).
"Ok guys wondering if i could grab some feedback on my dissertation as i'm convinced im just writing complete crap lol and its all wrong. This is my Question " "To what extent do anti forensic techniques have a negative effect on the results achieved by mobile forensic software. "
the question i wanted to ask was surrounding the use of my secondary research questions which are as follows
Secondary Research questions
What are the different methods of anti-forensics ? ( thinking of modifying this by adding and there effect on evidence to the end )
-Cryptography
-Steganography
-Data sanitizers
-Meta data erasers
-Minimising footprints
-Memory injection – running programs without code, syscall proxying
-Attacking the forensic software – use buffer overflows to make programs crash, DOS attack compression bombs in zip files
What are the different types of anti-forensics ?
-Destroying evidence -
-Hiding evidence –
-Eliminating evidence sources –
-Counterfeiting evidence –
Do any of the Operating Systems being tested contain any anti forensic measures ?
-Blackberry encryption
-Android private folder - method
-Whole disk encryption – iOS
-Any other methods
Will automated procedures miss abnormal behaviour or out of place information, common place with the use of anti forensic tools?
Will cloud computing be considered an anti forensic technique ??
Do you guys think these secondary research questions are relevant??? can you think of anything else i should add/cut/replace and feedback would be greatly appricated. i asked my diss tutor and he replied with utter crap lol
sorry for the massive post thanks"
Any feedback that you could give would be hugely beneficial and greatly appreciated. Any links to any articles (although i already have well over 50 odd) would also help.
Thanks for your time
Zak
The whole point of the literature review is for you to discuss the important issues and factors relating to your topic. When I did my MSC project, I used mini essay type headings in order to take the theory and match it with my topic. If you've done the research you should already know what topics you will need to discuss and your supervisor should guide you in the right direction. If you want a good mark don’t just rewrite the theory, try and link the theory with your topic and create a discussion or mini essays to show you understand the theory and how it links with your topic and the different factors relating to that topic.
If you have only just decided to start your literature review or project last minute then you have set yourself up for a fail. I found it quite funny during my undergrad and master’s degree that people left their project until 2 months or even a week before its due. You should use your supervisor and ask for guidance, they cannot hold your hand but they can point you into the right direction. This is a big chunk of work and should take you a considerable amount of time to create, you shouldn’t be asking for feedback now, as especially since you should be nearing the end stage soon. During the start of your project you should have created a research plan underlining all the key areas etc so your literature review should have been planned out then. Remember your literature review only accounts to a few marks and your other sections will take up the other bulk of the grading, so try not to worry too much and ensure your evaluation and conclusions are solid as this tends to be where the marks are.
To sum what I'm trying to say is don’t dwell too much on the literature review and use your supervisor to help you ensure you produce a piece of quality work. Good luck but remember your project will be put through Turnitin so any forum posts will flag up.
Welshwaynejack, just some further info. I am currently a good way into my Project ive been working on it for months already. i have about 4-5k words already. the reason i sought some further advice was just because i thought i wasn't really going anywhere or at least that's what i'm thinking anyway. i do already have a plan but like i said i feel like it just lacks some focus that's all. My personal tutor isn't much help to be honest despite having numerous meetings with him already. regarding your marking structure to, i believe it to be slightly different for ours as im 90% sure it counts for like 40% of the overall grade but thanks for your advice non the less.
This is my Question " "To what extent do anti forensic techniques have a negative effect on the results achieved by mobile forensic software. "
I'm not exactly clear on your aim. Is this your overall dissertation question? Do you have a problem statement or something similar? What are you trying to achieve? Eg A tool / set of procedures / methods to examine certain artefacts….etc
There are so many scenarios that could be applied to that question. In fact you could write a book on the subject, therefore it may be wise to narrow your subject down to a particular technique (IE the use of wiping software on a given OS)
i asked my diss tutor and he replied with utter crap lol
In what respect was it "crap"?
Also - Have you defined the term anti-forensics? A lot of the methods which you describe are legitimate security techniques which can have an anti-forensic impact…..That being said they can also have a positive impact for the examiner. I've produced logs from wiping software which indicate the names of files that have been wiped - so some wiping tools are not as anti-forensic as people think.
Just some extra considerations. I know it doesn't answer your original questions - but good luck.
Dan first off apologies for the informal quote i used, it was between friends of my course i realise i should of maybe edited it before i posted here.
My aim is to create a framework/procedure, where one can follow to test said forensic software used. For example the tools i'll be using is Oxygen forensic suite and Parabens device seizure. So the idea is to have evidence stored on the phones, image the devices check results. then apply certain techniques and carry out the imaging again. Then move on to comparing the images to see if applying the techniques discussed have any effect on the outcome/results.
In my introduction chapter in dissertation i have clearly defined what anti forensics is and also talking about the issues you've raised about not being so anti forensic as they think.
Again i appreciate you taking the time to post a reply
Edit* In regards to the meeting with my personal tutor. he seems to suggest areas which don't seem at all relevant to the topic im suggesting which just leads to further confusion.
What i found helped me was to write down the headings on paper, then write what they refer to, and the relevance to the whole project, then juggle them around to see how they "flow" in the context of the project.
Literature review is hardest to construct and a LOT of reading journals and books is required in order to get enough viewpoints on the subject, and construct an argument with the information obtained, so you get one opposing and one contradictory statement etc.