Research Ideas

From deep
Jump to: navigation, search

Warning: this page needs updating!

Any of these could be a class project and grow into a master's thesis.

If you want a small programming project, you might also look at:

Small Projects

  • Run Clamav on all the files in the corpus.
  • Adapt fiwalk to handle ZIP archives.

Sector Discrimination

  • Write software to identify the contents of a 512-byte or 4096-byte sector.
    • Is it part of a JPEG, ZIP, Word, or HTML file?
    • Is it part of a file that has been seen before?
    • Could it be one of many files?
    • Is it encrypted?
  • Given a sector, what can you say about the next sector? Can you create a theory and test it by scheduling additional reads?
  • What can you tell about a hard drive by picking 10000 random sectors? (They have to be random to prevent an adversary from simply hiding data in sectors where you aren't looking.)

Batch Reporting

  • We are developing and end-to-end system that ingests disk partitions and outputs finished intelligence products. We need:
    • Development of feature extraction and correlation algorithms.
    • Development of intelligence-quality reports.
    • User studies of people in the field who would use this technology.
    • Packaging for use in the field
  • Systematically analyze the chat logs on multiple systems and correlate them.
  • Add linguistic analysis.

Datasphere Repository

Build a system that automatically databanks extracted "features" from disk images and:

  • Performs cross-correlation between different disk images.
  • Automatically determines which features are important, and which are part of the background.
  • Translates important features into English.

Game Console Forensics

We have the following game consoles. Figure out how to get information out of them:

  • XBox360
  • Wii
  • Sony PlayStation 3

Explore their online services. Acquire game console development kits.

Computer Forensic Tool Testing

A write blocker is a device that does not allow writes through but allows reads. We have purchased several of them.

  • Develop software to automatically test write-blockers.

We have many kinds of bad media, including Flash drives that always read differently, hard drives with known bad sectors, and devices that were captured overseas.

  • Figure out what's going on with the bad media we've got.
  • Write software that can characterize the bad media.
  • Develop algorithms and software that can report on minor differences between disk drives.

Computer Forensics Tools

  • End-to-End ingest to reporting. Take our tools and develop software that automatically images, uploads the disk image to the server, and ingests. Support offline synchronization.
  • Redaction Program. Simson has developed an initial version. Expand it, refine it, and test it in the field.
  • Automated clustering of files, documents, metadata, people, facebook pages, etc.
  • Add recursive processing to fiwalk.
  • Automatically determine a system's clock skew by comparing timestamps on HTML files with internal time stamps.

Email Flows

  • Show number in each direction
  • Balanced vs. unbalanced
  • When does receiving a message cause another to be sent out?

Network Interceptions

  • Do any of the above, but for a network connection.

Visualization

  • Add cool visualizations to the above.
  • Improve on the timeline and other outputs created by TSK or autopsy by creating visual representation (bar graphs, histograms, etc.)
  • File visualizer

Grunt-Work

  • Image a lot of media
  • Get the wiping system in order

Non-Forensic Ideas

Privacy-Sensitive Web Hosting

  • What does this mean?
  • How can we webhost in a privacy-sensitive manner?