Knowing the answers is good, but knowing good questions is better. First when trying to get an idea about research think about everything in questions not topics. "Phishing" is a topic, "Is their a direct correlation between the elderly and phishing?" is a research question. Keeping a research question narrow enough while allowing for interesting dilemma is a skill only time will give you.
So some interesting research questions .....
"Ncrypt and true crypt: Is it possible to detect and if so analyze forensically?"
"Convergent devices (e.g. Apple TV): what are the relevant new issues of auto syncing devices within a network to the pillars of criminal behavior (motive, opportunity, etc. )?"
"On line web/email accounts (.mac, Exchange, file drawer) current methods to seize data and what are the possible future directions as storage size increases?"
A good hypothesis should answer most of the who, what, where, why, when, and how questions. More importantly it should identify the subject and scope in such a way as it can be measured.
Wow, just starting and working on a Thesis topic? I had 18 months before having to decide.
Lots of room for formal research, depending on your interests. Network forensics; anything related to qualifiying as an expert witness (error rates comes to mind); what is valid evidence of "being hacked?"; Vista will open up some topics.
What are your interests? How much flexability do you have? Strict research on a "traditional thesis" or can you do a practical project?
i have a similar problem i am suppose to be doing my MSc computer forensics thesis and i have a problem getting a topic, i have looked at what was suggest but was just interested if anyone had any more ideas i guess in this case it gives more options, i have talked to my supervisor about mobile forensics and he turned that down, i was mentioning virtual forensics as well and looking at if the information is any different or if carrying out computer forensics investigations virtually does anything to the data etc. that was rejected and i had a few others and my time is going and im just frustrated, i need a more practical topic as my lecturers are twats and dont want too much reseach type topics so can anyone help?
It would help us to know what the boundries of your project are. Why was mobile forensics turned down? Are they looking for practical vs academic research? Can you code and would you want that? Where in the world are you - educational system vary greatly.
Most importantly, what are you into? You'll live with this for quite a while so you'd better enjoy it.
Thanks for responding, I am going to a university in London, i dont want to sound negative but i think part of my lecturers problems is none of them are in the CF field nor ever worked in it, so they dont have much experience and so when i and a few other uni mates suggested topics like mobile forensics etc they turned it down because they said suppose u get stuck we cant help..so most of them are programmers at heart so they encourage more practical stuff like writing a program cuz thats what they know and therefore can mark it so it works or it doesn't if u do more research they say its okaaaay but u would get more marks or a better grade for something practical...that being said i have 7wks to do my thessis now caz of some health issues and i cant program so i was looking for something that didnt mean i had to code, i would have liked to do something with live forensics or virtual forensics or even mac forensics as i own a mac but i think all they want to hear is progam and my supervisor doesnt know a think bout CF so i explain alot to him and im just STRESSED!!
Im also needing to think of ideas for my final year project. This requires researching an area of computer forensics and creating a piece of software to deal with these.
Examples of ideas include sat nav forensics....creating a piece of software to extract data from a sat nav device. however, a friend is doing this so i would prefer to avoid it.
I am interested in Mac forensics but dont currently own a mac, mainly down to the cost. I was also thinking about PS3 forensics....but this seemed rather complicated when i did some background research.
Posted: Fri May 23, 2014 6:51 am Post subject: Computer forensic project topic
Jump to: navigation, search
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is our list. Please feel free to add your own ideas.
Many of these would make a nice master's project.
Rewrite SleuthKit sorter in C++ to make it faster and more flexible.
Modify tcpflow's iptree.h implementation so that it only stores discriminating bit prefixes in the tree, similar to D. J. Bernstein's Crit-bit trees.
Determine why tcpflow's iptree.h implementation's prune works differently when caching is enabled then when it is disabled
Medium-Sized Non-Programming Projects
Digital Forensics Education
Survey existing DFE programs and DF practitioners regarding which tools they use. Report if the tools being taught are the same as the tools that are being used.
Improving quality of forensic examination reports
Defense asks you: "When did you update your antivirus program during the forensic examination?", what will you reply: date, or date/hour, or date/hour/minute? How many virus signatures can be added and then excluded as false positives in 24 hours? Does mirroring of signature update servers make date/hour, date/hour/minute answers useless?
Medium-Sized Development Projects
Forensic File Viewer
Create a program that visualizes the contents of a file, sort of like hexedit, but with other features:
Automatically pull out the strings
Detect crypto and/or stenography.
Extend SleuthKit's fiwalk to report the NTFS alternative data streams.
Create a method to detect NTFS-compressed cluster blocks on a disk (RAW data stream). A method could be to write a generic signature to detect the beginning of NTFS-compressed file segments on a disk. This method is useful in carving and scanning for textual strings.
Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK.
Modify SleuthKit's API so that the physical location on disk of compressed files can be learned.
A pluggable rule-based system that can detect the residual data or other remnants of running a variety of anti-forensics software
Develop a new carver with a plug-in architecture and support for fragment reassembly carving. Take a look at:
Carver 2.0 Planning Page
(Rainer Poisel') Multimedia File Carver, which allows for the reassembly of multimedia fragmented files.
Document identity identification
Correlation between stored data and intercept data
Online Social Network Analysis
Data Snarfing/Web Scraping
Find and download in a forensically secure manner all of the information in a social network (e.g. Facebook, LinkedIn, etc.) associated with a targeted individual.
Determine who is searching for a targeted individual. This might be done with a honeypot, or documents with a tracking device in them, or some kind of covert Facebook App.
Automated grouping/annotation of low-level events, e.g. access-time, log-file entry, to higher-level events, e.g. program start, login
Mapping differences and similarities in multiple versions of a system, e.g. those created by Windows Shadow Volumes but not limited to
Write a new timeline viewer that supports Logfile fusion (with offsets) and provides the ability to view the logfile in the frequency domain.
Enhancements for Guidance Software's Encase
Develop an EnScript that allows you to script EnCase from Python. (You can do this because EnScripts can run arbitrary DLLs. The EnScript calls the DLL. Each "return" from the DLL is a specific EnCase command to execute. The EnScript then re-enters the DLL.)
Analysis of packet captures
Identifying various types of DDoS attacks from capture files (pcap): extracting attack statistics, list of attacking bots, determining the type of attack (TCP SYN flood, UDP/ICMP flood, HTTP GET/POST flood, HTTP flood with browser emulation, etc).
Reverse the on-disk structure of the Extensible Storage Engine (ESE) Database File (EDB) format to learn:
Fill in the missing information about older ESE databases
Exchange EDB (MAPI database), STM
Active Directory (Active Directory working document available on request)
Reverse the on-disk structure of the Lotus Notes Storage Facility (NSF)
Reverse the on-disk structure of Microsoft SQL Server databases
Volume/File System analysis
Analysis of inter snapshot changes in Windows Shadow Volumes
Modify SleuthKit's NTFS implementation to support NTFS encrypted files (EFS)
Extend SleuthKit's implementation of NTFS to cover Transaction NTFS (TxF) (see NTFS)
Physical layer access to flash storage (requires reverse-engineering proprietary APIs for flash USB and SSD storage.)
Add support to SleuthKit for ReFS.
Develop improved techniques for identifying encrypted data. (It's especially important to distinguish encrypted data from compressed data).
Quantify the error rate of different forensic tools and processes. Are these rates theoretical or implementation dependent? What is the interaction of the error rates and the Daubert standard?
These are research areas that could easily grow into a PhD thesis.
General-purpose detection of:
Evidence Falsification (perhaps through inconsistency in file system allocations, application data allocation, and log file analysis.
Visualization of data/information in digital forensic context
SWOT of current visualization techniques in forensic tools; improvements; feasibility of 3D representation;
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum