Forums
Main Category
General (Technical,...
What Forensics soft...
 
Notifications
Clear all

What Forensics software should I create for my degree?

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Logg 16 years ago
19 Posts
12 Users
0 Reactions
1,452 Views
RSS
 Nizmon
(@nizmon)
Eminent Member
Joined: 16 years ago
Posts: 35
Topic starter 10/06/2009 7:04 am  

I need your help please. I have to create a piece of software for my degree which is in Forensics so it has to be Forensics based. I would like you ideas of what software would help you, and what needs looking more into.

I only ask that…

1. You don't give ideas for huge pieces of software i.e make a free version of EnCase I have about 300 hours to spend.

2. It will be wrote it Java so will be cross platform but please stick to Windows as that's what I know and love (although I have an affair with my Mac).

3. If you give an idea please say what you would like the software to do i.e Link Files - software that would extract them and place them in date order or an order of your choice.

I would be very greatful for any ideas, the MORE the BETTER as I can mix it up a little.

I look forward to the challange, I'm sure I will posting a new topic "Forensics degree software, beta testers needed" D

Many thanks in advance
James


   
Quote
pbobby
 pbobby
(@pbobby)
Estimable Member
Joined: 16 years ago
Posts: 239
10/06/2009 7:19 pm  

Parse the WMI information stores in the system32\wbem folder structure.

That way we can conduct WMI queries against a deadbox.


   
ReplyQuote
 johnR
(@johnr)
Eminent Member
Joined: 16 years ago
Posts: 25
10/06/2009 8:48 pm  

Would that be a good idea? ?I've already got a WMI application that works across the network using C#. I'm not stealing the idea Niz, just querying


   
ReplyQuote
 Nizmon
(@nizmon)
Eminent Member
Joined: 16 years ago
Posts: 35
Topic starter 11/06/2009 1:19 am  

Would that be a good idea? ?I've already got a WMI application that works across the network using C#. I'm not stealing the idea Niz, just querying

That's OK john, the more ideas the better. Can you think of any application that would help you?


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
11/06/2009 1:45 am  

Statistical analysis of written digital document to show percent likelihood the document was written by a specific individual

digital image evaluation to show percent of probability of modification or alteration, en masse

digital image comparison using automatic resizing and rotation to original, returning percent probability of match, en masse


   
ReplyQuote
 johnR
(@johnr)
Eminent Member
Joined: 16 years ago
Posts: 25
11/06/2009 3:52 am  

Could there be anything to develop for internet investigations?


   
ReplyQuote
Thomas
 Thomas
(@thomas)
Trusted Member
Joined: 19 years ago
Posts: 59
11/06/2009 4:27 am  

Hello Nizmon,

I'd like to see something simular as PC On/Off Time http//www.neuber.com/free/pctime/index.html , but in a forensic manner. Its a nice tool, but no save option. Another simular tool is PCUsageViewer http//www.pointstone.com/products/PCUsageViewer/ This one has a save option, but no remote viewing.
Maybe you can implement some more options, like who has been logged in and which applications they possible have used, hibernation time, etc.
Microsoft has some nice information about it. Look at http//www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp

Good luck! Let me know when you need beta testers. No matter what program you gonna develope.


   
ReplyQuote
 johnR
(@johnr)
Eminent Member
Joined: 16 years ago
Posts: 25
11/06/2009 5:06 am  

Hello Nizmon,

I'd like to see something simular as PC On/Off Time http//www.neuber.com/free/pctime/index.html , but in a forensic manner. Its a nice tool, but no save option. Another simular tool is PCUsageViewer http//www.pointstone.com/products/PCUsageViewer/ This one has a save option, but no remote viewing.
Maybe you can implement some more options, like who has been logged in and which applications they possible have used, hibernation time, etc.
Microsoft has some nice information about it. Look at http//www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp

May I ask what benefit this would be to an investigator? I'm assuming this would be a live forensic application?


   
ReplyQuote
pbobby
 pbobby
(@pbobby)
Estimable Member
Joined: 16 years ago
Posts: 239
12/06/2009 12:00 am  

Would that be a good idea? ?I've already got a WMI application that works across the network using C#. I'm not stealing the idea Niz, just querying

My post was to conduct WMI analysis against a deadbox.


   
ReplyQuote
 johnR
(@johnr)
Eminent Member
Joined: 16 years ago
Posts: 25
12/06/2009 3:06 am  

What do you mean by a deadbox?


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: