Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: kmb
New Today: 1
New Yesterday: 1
Overall: 29417

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Hostile work enviornment
 Can anyone suggest me a topic under printers forensics
 Unallocated clustered as court evidence
 Encryption
 I know how to recover ost file 2016

Computer Forensics World Forums


Pages Served
We received
53053079
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Thesis Ideas...
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Thesis Ideas...

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Training and Education
View previous topic :: View next topic  
Author Message
Dangy
Newbie
Newbie


Joined: Jan 15, 2007
Posts: 2

PostPosted: Mon Jan 15, 2007 8:56 pm    Post subject: Thesis Ideas... Reply with quote

Hi All,

I am just starting a Masters in Computer Forensics and have to get an idea for a topic to do my Thesis on...

I was looking at Phishing, but its been done and done...

I am new to forensics and not sure of all the (possibly 100's) of different angles to take for this project...

Could people please post up some interesting topic ideas... I can do the research, but need something that will be meaty, but also with plenty of information available...

Some ideas I had were -

Research into the security issues with Vista... is it all its cracked up to be?
Phishing (which was rejected Sad )

Any help is much appreciated!

Thanks.
Back to top
View user's profile
Pacman
Newbie
Newbie


Joined: Oct 13, 2005
Posts: 12

PostPosted: Tue Jan 16, 2007 12:05 am    Post subject: Reply with quote

The use of Virtual Machine/PC software in Computer Forensics.

Pacman
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Tue Jan 16, 2007 12:13 am    Post subject: Reply with quote

The use of virtual hard drives to prevent data recovery since the data never gets stored on a permanent media.
Back to top
View user's profile
selil
Newbie
Newbie


Joined: Sep 12, 2006
Posts: 86

PostPosted: Tue Jan 16, 2007 12:23 am    Post subject: Reply with quote

Knowing the answers is good, but knowing good questions is better. First when trying to get an idea about research think about everything in questions not topics. "Phishing" is a topic, "Is their a direct correlation between the elderly and phishing?" is a research question. Keeping a research question narrow enough while allowing for interesting dilemma is a skill only time will give you.

So some interesting research questions .....

"Ncrypt and true crypt: Is it possible to detect and if so analyze forensically?"

"Convergent devices (e.g. Apple TV): what are the relevant new issues of auto syncing devices within a network to the pillars of criminal behavior (motive, opportunity, etc. )?"

"On line web/email accounts (.mac, Exchange, file drawer) current methods to seize data and what are the possible future directions as storage size increases?"

A good hypothesis should answer most of the who, what, where, why, when, and how questions. More importantly it should identify the subject and scope in such a way as it can be measured.
Back to top
View user's profile
Dangy
Newbie
Newbie


Joined: Jan 15, 2007
Posts: 2

PostPosted: Tue Jan 16, 2007 2:30 am    Post subject: Reply with quote

Thanks guys,

Never thought about looking at it as a question... does put a new perspective on it!

Some good ideas... I will be putting them forward and seeing what response I get... hopefully good!

I have till Wednesday... I be racking my brain for the next two days to have at least 10 good Thesis worthy topics!

Studying is so hard... I still holding out for 6 numbers...! Very Happy

Thanks.
Back to top
View user's profile
ddow
Newbie
Newbie


Joined: Jul 19, 2006
Posts: 460

PostPosted: Tue Jan 16, 2007 12:19 pm    Post subject: Reply with quote

Wow, just starting and working on a Thesis topic? I had 18 months before having to decide.

Lots of room for formal research, depending on your interests. Network forensics; anything related to qualifiying as an expert witness (error rates comes to mind); what is valid evidence of "being hacked?"; Vista will open up some topics.

What are your interests? How much flexability do you have? Strict research on a "traditional thesis" or can you do a practical project?

Dennis
Back to top
View user's profile
confused01
Newbie
Newbie


Joined: Jul 27, 2009
Posts: 2

PostPosted: Mon Jul 27, 2009 10:00 pm    Post subject: Reply with quote

hi there,

i have a similar problem i am suppose to be doing my MSc computer forensics thesis and i have a problem getting a topic, i have looked at what was suggest but was just interested if anyone had any more ideas i guess in this case it gives more options, i have talked to my supervisor about mobile forensics and he turned that down, i was mentioning virtual forensics as well and looking at if the information is any different or if carrying out computer forensics investigations virtually does anything to the data etc. that was rejected and i had a few others and my time is going and im just frustrated, i need a more practical topic as my lecturers are twats and dont want too much reseach type topics so can anyone help?
Back to top
View user's profile
ddow
Newbie
Newbie


Joined: Jul 19, 2006
Posts: 460

PostPosted: Mon Jul 27, 2009 11:01 pm    Post subject: Reply with quote

It would help us to know what the boundries of your project are. Why was mobile forensics turned down? Are they looking for practical vs academic research? Can you code and would you want that? Where in the world are you - educational system vary greatly.

Most importantly, what are you into? You'll live with this for quite a while so you'd better enjoy it.
Back to top
View user's profile
confused01
Newbie
Newbie


Joined: Jul 27, 2009
Posts: 2

PostPosted: Tue Jul 28, 2009 12:41 am    Post subject: Reply with quote

hi ddow,
Thanks for responding, I am going to a university in London, i dont want to sound negative but i think part of my lecturers problems is none of them are in the CF field nor ever worked in it, so they dont have much experience and so when i and a few other uni mates suggested topics like mobile forensics etc they turned it down because they said suppose u get stuck we cant help..so most of them are programmers at heart so they encourage more practical stuff like writing a program cuz thats what they know and therefore can mark it so it works or it doesn't if u do more research they say its okaaaay but u would get more marks or a better grade for something practical...that being said i have 7wks to do my thessis now caz of some health issues and i cant program so i was looking for something that didnt mean i had to code, i would have liked to do something with live forensics or virtual forensics or even mac forensics as i own a mac but i think all they want to hear is progam and my supervisor doesnt know a think bout CF so i explain alot to him and im just STRESSED!!
Back to top
View user's profile
chrisc
Newbie
Newbie


Joined: Jan 11, 2007
Posts: 22

PostPosted: Wed Nov 25, 2009 7:12 pm    Post subject: Reply with quote

Hi all,

Im also needing to think of ideas for my final year project. This requires researching an area of computer forensics and creating a piece of software to deal with these.

Examples of ideas include sat nav forensics....creating a piece of software to extract data from a sat nav device. however, a friend is doing this so i would prefer to avoid it.

I am interested in Mac forensics but dont currently own a mac, mainly down to the cost. I was also thinking about PS3 forensics....but this seemed rather complicated when i did some background research.
Back to top
View user's profile
dangutdavid
Newbie
Newbie


Joined: May 22, 2014
Posts: 1

PostPosted: Fri May 23, 2014 6:51 am    Post subject: Computer forensic project topic Reply with quote

Research Topics
Jump to: navigation, search

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is our list. Please feel free to add your own ideas.

Many of these would make a nice master's project.
Programming/Engineering Projects
Small-Sized Projects

Sleuthkit

Rewrite SleuthKit sorter in C++ to make it faster and more flexible.

tcpflow

Modify tcpflow's iptree.h implementation so that it only stores discriminating bit prefixes in the tree, similar to D. J. Bernstein's Crit-bit trees.
Determine why tcpflow's iptree.h implementation's prune works differently when caching is enabled then when it is disabled

Medium-Sized Non-Programming Projects
Digital Forensics Education

Survey existing DFE programs and DF practitioners regarding which tools they use. Report if the tools being taught are the same as the tools that are being used.

Improving quality of forensic examination reports

Defense asks you: "When did you update your antivirus program during the forensic examination?", what will you reply: date, or date/hour, or date/hour/minute? How many virus signatures can be added and then excluded as false positives in 24 hours? Does mirroring of signature update servers make date/hour, date/hour/minute answers useless?

Medium-Sized Development Projects
Forensic File Viewer

Create a program that visualizes the contents of a file, sort of like hexedit, but with other features:
Automatically pull out the strings
Show histogram
Detect crypto and/or stenography.
Extend SleuthKit's fiwalk to report the NTFS alternative data streams.

Data Sniffing

Create a method to detect NTFS-compressed cluster blocks on a disk (RAW data stream). A method could be to write a generic signature to detect the beginning of NTFS-compressed file segments on a disk. This method is useful in carving and scanning for textual strings.

SleuthKit Modifications

Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK.
Modify SleuthKit's API so that the physical location on disk of compressed files can be learned.

Anti-Frensics Detection

A pluggable rule-based system that can detect the residual data or other remnants of running a variety of anti-forensics software

Carvers

Develop a new carver with a plug-in architecture and support for fragment reassembly carving. Take a look at:

Carver 2.0 Planning Page
(Rainer Poisel') Multimedia File Carver, which allows for the reassembly of multimedia fragmented files.

Correlation Engine

Logfile correlation
Document identity identification
Correlation between stored data and intercept data
Online Social Network Analysis

Data Snarfing/Web Scraping

Find and download in a forensically secure manner all of the information in a social network (e.g. Facebook, LinkedIn, etc.) associated with a targeted individual.
Determine who is searching for a targeted individual. This might be done with a honeypot, or documents with a tracking device in them, or some kind of covert Facebook App.
Automated grouping/annotation of low-level events, e.g. access-time, log-file entry, to higher-level events, e.g. program start, login

Timeline analysis

Mapping differences and similarities in multiple versions of a system, e.g. those created by Windows Shadow Volumes but not limited to
Write a new timeline viewer that supports Logfile fusion (with offsets) and provides the ability to view the logfile in the frequency domain.

Enhancements for Guidance Software's Encase

Develop an EnScript that allows you to script EnCase from Python. (You can do this because EnScripts can run arbitrary DLLs. The EnScript calls the DLL. Each "return" from the DLL is a specific EnCase command to execute. The EnScript then re-enters the DLL.)

Analysis of packet captures

Identifying various types of DDoS attacks from capture files (pcap): extracting attack statistics, list of attacking bots, determining the type of attack (TCP SYN flood, UDP/ICMP flood, HTTP GET/POST flood, HTTP flood with browser emulation, etc).

Reverse-Engineering Projects
Application analysis

Reverse the on-disk structure of the Extensible Storage Engine (ESE) Database File (EDB) format to learn:
Fill in the missing information about older ESE databases
Exchange EDB (MAPI database), STM
Active Directory (Active Directory working document available on request)
Reverse the on-disk structure of the Lotus Notes Storage Facility (NSF)
Reverse the on-disk structure of Microsoft SQL Server databases

Volume/File System analysis

Analysis of inter snapshot changes in Windows Shadow Volumes
Modify SleuthKit's NTFS implementation to support NTFS encrypted files (EFS)
Extend SleuthKit's implementation of NTFS to cover Transaction NTFS (TxF) (see NTFS)
Physical layer access to flash storage (requires reverse-engineering proprietary APIs for flash USB and SSD storage.)
Add support to SleuthKit for ReFS.


Error Rates

Develop improved techniques for identifying encrypted data. (It's especially important to distinguish encrypted data from compressed data).
Quantify the error rate of different forensic tools and processes. Are these rates theoretical or implementation dependent? What is the interaction of the error rates and the Daubert standard?

Research Areas

These are research areas that could easily grow into a PhD thesis.

General-purpose detection of:
Stegnography
Sanitization attempts
Evidence Falsification (perhaps through inconsistency in file system allocations, application data allocation, and log file analysis.
Visualization of data/information in digital forensic context
SWOT of current visualization techniques in forensic tools; improvements; feasibility of 3D representation;
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Fri May 23, 2014 10:12 am    Post subject: Reply with quote

Way to bring the long dead back to life.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Training and Education All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.