Note that I am happy to consider other ideas from students that arise from the course content. Often a quick discussion is enough to discover a useful practicum idea.
A major part of computer forensics is to search hard disks for information. As hard disks can store hundreds of gigabytes, it becomes harder for forensic investigators to rapidly find the required evidence.
These projects would aid computer forensic investigators and would require a good knowledge of either Python or Java.
This project will use techniques to view unstructured data (e.g. data in the unallocated clusters of the file system or a snapshot of a process's memory). Typical approaches would be:
The user interface which supports connecting different views of the data.
Recently, there has been a lot of work on creating timelines of a system from many sources of data on a computer. This has pointed to the lack of interesting tools to analyse the data. There is a simple idea to present the data in a timeline using pixels to represent events (corresponding to a line in the timeline) and showing events as they are laid out timewise (e.g. per hour). In this way, you could visualise the timeline in a very compact way. The value comes when you search for items in the text version of the timeline and see the search hits appear in the visualisation, allowing you to quickly identify where related items occur in the timeline.
It is hard to describe the idea in text; however, if you like graphics programming then it is worth discussing this with me.
Build a powerful and fast way to search text on a hard disk.
Your program should be able to search Unicode and ASCII data transparently to the user. The preprocessing will identify whether a region of the disk is Unicode or ASCII and switch appropriately.
The program should be written as an Eclipse plugin and be written so that it can easily be integrated with other forensic tools.
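The preprocessing step described above can be prototyped in a few lines. This is an added sketch in Python, not part of the project brief or of any existing tool. It assumes "Unicode" means UTF-16LE (the encoding Windows uses for most on-disk strings), a 512-byte region size, and a constructed sample buffer; the function names are hypothetical.

```python
# Added example: classify each region of a raw image, then search it with the
# matching encoding. Names, block size and sample bytes are assumptions.
BLOCK = 512  # assumed region size (one sector)


def _printable(b: int) -> bool:
    return 0x20 <= b < 0x7F


def classify(region: bytes) -> set:
    """Return the encodings worth searching in this region."""
    # ASCII text has printable bytes followed by printable bytes;
    # UTF-16LE text in the Latin range has printable bytes followed by NUL.
    encodings = set()
    for cur, nxt in zip(region, region[1:]):
        if _printable(cur):
            if nxt == 0:
                encodings.add("utf-16-le")
            elif _printable(nxt):
                encodings.add("ascii")
    return encodings


def search(image: bytes, keyword: str, block: int = BLOCK) -> list:
    """Return sorted (offset, encoding) pairs for every hit in image."""
    if len(keyword) < 2 or not all(_printable(ord(c)) for c in keyword):
        raise ValueError("keyword must be 2+ printable ASCII characters")
    needles = {enc: keyword.encode(enc) for enc in ("ascii", "utf-16-le")}
    overlap = len(needles["utf-16-le"]) - 1  # catch hits straddling regions
    hits = set()  # a set removes hits seen twice via the overlap
    for start in range(0, len(image), block):
        region = image[start:start + block + overlap]
        for enc in classify(region):
            pos = region.find(needles[enc])
            while pos != -1:
                hits.add((start + pos, enc))
                pos = region.find(needles[enc], pos + 1)
    return sorted(hits)


# Constructed sample: ASCII hit, zero fill, then a UTF-16LE hit that
# straddles the boundary between the first and second 512-byte regions.
SAMPLE = (b"user=alice password=hunter2\n".ljust(507, b"\x00")
          + "password".encode("utf-16-le") + b"\x00" * 200)

if __name__ == "__main__":
    for offset, enc in search(SAMPLE, "password"):
        print(f"{offset:#06x}  {enc}")
```

Because the classifier only skips an encoding when the region contains no byte pair that a match in that encoding must contain, it acts as a prefilter that cannot cause a missed hit for printable-ASCII keywords; zero-filled and purely binary regions are skipped entirely.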