590F Project Part 01: Specification

The 590F students will do a (relatively) free-form project during the few weeks of the semester. This project can be done individually or in small (two or three member) groups. The idea here is for you to do something “interesting” related to digital forensics, with minimal supervision from the instructor.

The project proceeds in two parts. First, you (with your group, if any) propose a project idea (see below for some ideas) and grading criteria. Then I comment on the project idea; if necessary you revise it, and we agree upon it.

Then, you implement the project sometime before the end of classes. I’ll grade it and you’re done, and you have something to stick in your portfolio as a bonus.

Part 01: Specification

So, pitch me on something you want to do that will require 2–3 weeks of time to complete. It doesn’t have to be gigantic, but it should be of the same scale as some of the larger programming projects we’ve done. Tell me what you want to do, and how I’ll know it’s right. Here are some examples (in roughly ascending order of difficulty):

  • Implement fls for NTFS. Your evidence of correctness would likely be tests against the reference implementation of istat.

  • Implement istat_XXX, where XXX is some other file format (TSK supports NTFS, FAT, ExFAT, UFS 1, UFS 2, EXT2FS, EXT3FS, Ext4, HFS, ISO 9660, and YAFFS2; anything from UFS 1 onward in that list is reasonable, though if you go with one of the simpler ones I will likely ask for a little more out of you). Again, you could test against TSK’s istat output.

  • Implement a (probably simplified) version of some other forensic tool, such as bulk_extractor or scalpel. Your evidence might be comparing against a reference implementation, though it likely wouldn’t be a straight diff. (See https://forensicswiki.org/wiki/Category:Tools for links to various tools.)

  • Implement a (probably simplified) version of an idea from a relevant research paper. DFRWS is a large forensics conference with an extensive public archive; you may be able to find something there that matches your interests. Evidence here would likely be some kind of validation testing.

For simpler things on this list I’ll expect you to work alone. Harder things you may do in groups if you so choose.

In all cases I’ll expect a README or the like describing your project, its dependencies, and how to test it; I’ll also expect to be able to test it myself on my local environment. I may also want a writeup of your approach and/or results.

Submit your proposal via Gradescope by the deadline; I’ll give you feedback, and we’ll agree on something shortly thereafter.