Hi all, this is my first post :-)
I am a final year student on a computing degree programme. I'm just looking for ideas to perhaps create a final project on. One such area is computer forensics. I have a small amount of knowledge of EnCase and The Coroner's Toolkit (what they do, why they are used, etc.). I was wondering if anyone had any ideas they could lend me? To perhaps improve on a current aspect of forensic investigation using computers. Or maybe even a non-investigative aspect that is still related to the broad subject of computer forensics (a filing tool? or something to aid an expert in court?).
One of my ideas:
I was thinking about creating something that does not involve creating an image of a hard disk to recover deleted files (far too complicated to code, or is it? I have no idea at the moment). Maybe just a simple tool to look at deleted emails and visited web sites real time (Windows registry maybe?).
Any ideas/comments are welcome (I have had a quick think about why I would want to do it, perhaps to benefit smaller companies who handle confidential information (who don't have the budget/manpower to get security experts in or to teach a member of their own team)).
Any comments/ideas are welcome :-)
-Rick
Maybe just a simple tool to look at deleted emails and visited web sites real time (Windows registry maybe?).
That sort of thing isn't maintained in the Registry, for the most part. Yes, there is the TypedURLMRU key, and the UserAssist keys, but they don't really provide definitive information.
One thing I see time and again is timeline analysis. I blogged on this, and I've seen it in various forums…but so far, no real solutions.
H. Carvey
"Windows Forensics and Incident Recovery"
http//
http://windowsir.blogspot.com
I second Harlan, with the timeline analysis. Just from a number of the posts on here, it seems to be an ongoing discussion.