MSc Forensic Computing Project Proposal from Richard Howley

Transcription

1 Suggested title: MSc Forensic Computing Project Proposal from Richard Howley Forensic Tools and Techniques: A critical review of current and future professional practice. Digital forensics (DF) is a new profession that has developed rapidly over the last decade. It is presumed that this growth is a consequence of several related factors, such as: 1. Increased reliance on data and data processing systems 2. Increased provision for, and access to, computer/internet resources 3. Greater awareness of opportunities for abuse/misuse 4. Portability of digital resources and access 5. Etc. Responding to DF incidents has been largely reactive and localised. Digital forensic practitioners, usually from an IT security background, have bought with them the tools and techniques of IT security and applied them to DF. As yet no one has mapped the UK DF landscape with regard to who does what?, how and why'? This project seeks to address this knowledge gap.

2 Suggested title: MSc Forensic Computing Project Proposal from Richard Howley Open source.v. proprietary: A theoretical and practical evaluation. DF practitioners make extensive use of open source and self-developed tools to support their DF practise. At the same time as this there are a large number of propriety tools available in the market place that claim to provide a solution to our DF needs. By undertaking original empirical research this project will identify patterns of current practice in the UK DF field with regard to: 1. Who uses what and why? 2. Attitudes to open source and propriety DF software 3. How comprehensive are proprietary tools and what OS tools are used to plug identified gaps in coverage? 4. What are the most/least popular tools and why? 5. How are DF tools tested and verified within organisations? 6. Evaluating the effectiveness of current testing and verification strategies. 7. Etc. Software evaluation needed This project is likely to require a thorough review of the literature on software evaluation followed by the design of software testing lab experiments.

3 Suggested title: MSc Forensic Computing Project Proposal from Richard Howley Memory dump analysis: Techniques and practices and a template for improvement. As memory increases in size and the ability to acquire it as part of a DF investigation becomes normal we need to be able to explore and interpret memory data in a fast and reliable manner. Memory analysis is still regarded as relatively new and difficult to harvest meaningful information from. This project will: 1. Review current recommended (in the literature) strategies for acquiring and interpreting memory data. 2. Design and undertake original empirical research into current practices in memory forensics. 3. Examine the extent to which current professional practice matches (or not) the recommended strategies found in the literature. 4. Propose a template or set of analytical procedures to improve the process of memory analysis. These procedures must be grounded in your research finding and fully tested using a lab experimental design process. It is also expected that this project will involve primary research methods to collect and analyse data from individuals and lab experiments as a research process. A complete research report and associated research instruments. It is quite likely that this

4 MSc Forensic Computing Project Proposal from Richard Howley Suggested title: The practice of digital investigations a critical review and proposed improvements. We are a new profession and as such many of our procedures and practices are relatively new and are still evolving. This project seeks to establish current practices in the field of DF and to identify what the major challenges are expected to be in the next five years. It is also expected that current practitioners in DF will be able to offer an anticipated response to those challenges if and when they materialise.

5 MSc Forensic Computing Project Proposal from Richard Howley Suggested title: An empirical investigation into the role and place of forensic triage in IR. Triage is widely acknowledged today as a way of dealing with large data sets and limited time to acquire and analyse it which characterise modern incident response. There is, however, very little literature on what triage is, what tools can be used and how they are being used at present. This project addresses this knowledge gap. This project will also discover and document the attitudes and concerns of those responsible for, or currently considering, using triage as part of their IR procedures.

6 MSc Forensic Computing Project Proposal from Richard Howley Suggested title: Virtual forensics What are the challenges and are we ready? Virtualisation is widely seen as a technology with huge potential to transform the way we work with computers and as such the DF challenges are already being noted. Some toolkits already provide the means to acquire live and or deleted virtual machines and to analyse them in the same way we do ordinary machines, but it is expected that once larger virtual structures become commonplace the DF challenges will grow rapidly. This project will: 1. Map out the anticipated demand for and usage of virtualisation in organisations. 2. Identify the main security risks and DF responses that have been identified. 3. Evaluate the tools and techniques currently available in the DF field and assess the extent to which they will support us in facing the challenges of virtualisation. 4. Propose and validate new tools and procedures to better support the DF process in virtual environments.

7 Suggested title: MSc Forensic Computing Project Proposal from Richard Howley Windows live forensics: Best practice in tools and techniques. The importance of Windows as a platform cannot be overstated and as such there are a wide range of tools and techniques available to support Windows Live Forensics (WLF). The project will identify current professional practices in WLF, identify the range of tools used and document the rationale behind the use of certain tools. Once the most widely used tools and procedures are identified these will then be tested in a set of lab based experiments to ascertain whether the claims made for them, or the anticipated benefits are real.

8 MSc Forensic Computing Project Proposal from Richard Howley Suggested title: A critical review of [digital forensics] OR [Security] in the cloud. It is anticipated that the cloud is about to roll over us all and radically change the way we work and in particular the way we engage with data. This project will: 1. Identify, through a literature review and primary research, the perceived DF/Sec threats posed by the cloud. 2. Discover and document the preparation companies are putting into place in preparation for the cloud. 3. Identify and assess the changes that will need to be made to DF/Sec procedures to accommodate data processing in the cloud. 4. Propose a set of practices and procedures that will better support organisation meet the DF/Sec challenges faced when working in the cloud.