Warning: this page needs updating!
Any of these could be a class project and grow into a master's thesis.
If you want a small programming project, you might also look at:
- Run ClamAV on all the files in the corpus.
- Adapt fiwalk to handle ZIP archives.
- Write software to identify the contents of a 512-byte or 4096-byte sector.
  - Is it part of a JPEG, ZIP, Word, or HTML file?
  - Is it part of a file that has been seen before?
  - Could it be one of many files?
  - Is it encrypted?
- Given a sector, what can you say about the next sector? Can you create a theory and test it by scheduling additional reads?
- What can you tell about a hard drive by picking 10000 random sectors? (They have to be random to prevent an adversary from simply hiding data in sectors where you aren't looking.)
- We are developing an end-to-end system that ingests disk partitions and outputs finished intelligence products. We need:
  - Development of feature extraction and correlation algorithms.
  - Development of intelligence-quality reports.
  - User studies of people in the field who would use this technology.
  - Packaging for use in the field.
- Systematically analyze the chat logs on multiple systems and correlate them.
- Add linguistic analysis.
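
A starting point for the sector-sampling idea in the list above, as an added example that is not code from this page or its tools: it reads uniformly random sectors from a raw image, labels each one, and computes how likely a hidden region is to escape every read. The 512-byte sector size, the 7.0 bits/byte cut-off, the three labels, and the demo image are assumptions made for illustration.

```python
import math, os, random, tempfile
from collections import Counter
SECTOR = 512

def entropy(buf):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def classify(sector):
    """Coarse label; encrypted and compressed data both land in high-entropy."""
    if not any(sector):
        return "blank"
    return "high-entropy" if entropy(sector) >= 7.0 else "other"  # assumed cut-off

def sample_image(path, n, rng):
    """Classify n uniformly random sectors of a raw image; returns a Counter."""
    total = os.path.getsize(path) // SECTOR
    counts = Counter()
    with open(path, "rb") as f:
        for _ in range(n):
            f.seek(rng.randrange(total) * SECTOR)
            counts[classify(f.read(SECTOR))] += 1
    return counts

def interval(hits, n, z=1.96):
    """Normal-approximation 95% confidence interval for a sampled fraction."""
    p = hits / n
    half = z * math.sqrt(p * (1 - p) / n)
    return max(0.0, p - half), min(1.0, p + half)

def miss_probability(hidden, total, n):
    """Chance that n random reads all miss a region of `hidden` sectors."""
    return (1 - hidden / total) ** n

def build_demo_image(path):
    """Constructed image: 6000 blank, 3000 random, 1000 text sectors."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 12)[:SECTOR]
    with open(path, "wb") as f:
        f.write(bytes(SECTOR) * 6000)
        f.write(os.urandom(SECTOR * 3000))
        f.write(text * 1000)

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "demo.raw")
    build_demo_image(path)
    for label, hits in sample_image(path, 2000, random.Random(1)).items():
        print(label, hits, interval(hits, 2000))
    print("miss:", miss_probability(100, 10000, 2000))
```

Because the reads are uniform, the miss probability depends only on how much is hidden and how many sectors are read, not on where the data sits.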
Build a system that automatically databanks extracted "features" from disk images and:
- Performs cross-correlation between different disk images.
- Automatically determines which features are important, and which are part of the background.
- Translates important features into English.
Game Console Forensics
We have the following game consoles. Figure out how to get information out of them:
- Sony PlayStation 3
Explore their online services. Acquire game console development kits.
Computer Forensic Tool Testing
A write blocker is a device that does not allow writes through but allows reads. We have purchased several of them.
- Develop software to automatically test write-blockers.
We have many kinds of bad media, including Flash drives that always read differently, hard drives with known bad sectors, and devices that were captured overseas.
- Figure out what's going on with the bad media we've got.
- Write software that can characterize the bad media.
- Develop algorithms and software that can report on minor differences between disk drives.
Computer Forensics Tools
- End-to-End ingest to reporting. Take our tools and develop software that automatically images, uploads the disk image to the server, and ingests. Support offline synchronization.
- Redaction Program. Simson has developed an initial version. Expand it, refine it, and test it in the field.
- Automated clustering of files, documents, metadata, people, Facebook pages, etc.
- Add recursive processing to fiwalk.
- Automatically determine a system's clock skew by comparing timestamps on HTML files with internal time stamps.
- Show number in each direction
- Balanced vs. unbalanced
- When does receiving a message cause another to be sent out?
- Do any of the above, but for a network connection.
- Add cool visualizations to the above.
- Improve on the timeline and other outputs created by TSK or Autopsy by creating visual representations (bar graphs, histograms, etc.).
- File visualizer
- Image a lot of media
- Get the wiping system in order
Privacy-Sensitive Web Hosting
- What does this mean?
- How can we webhost in a privacy-sensitive manner?