Cross-Contamination of Evidence During Live Responses (Bachelor/Master)

Art der Arbeit:

Studien-/Bachelor-/Diplom-/Masterarbeit

Betreuer:

Gruber, Jan
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Telefon +49 9131 85 69597, Fax +49 9131 85 69919, E-Mail: jan.gruber@fau.de

Beschreibung der Arbeit:

Law enforcement analysts as well as incident responders perform acquisitions and triage analyses on running system to an increasing extent. However, the possibility of cross-contamination of digital evidence during such live response scenarios has not been quantified. In the course of this thesis, theoretical hypotheses about potential sources of pollutions and their effects on volatile as well as non-volatile evidence should be elaborated and experimentally validated. As a result, the thesis should provide answers to question like, when and under which circumstances cross-contamination of digital evidence is likely to occur, to what extend such a contamination could take place, which artifacts could be affected, and which countermeasures should be employed to minimize the pollution of the system under investigation.

Vorausgesetzte Vorlesungen bzw. Kenntnisse:

To accomplish this project you should be familiar with OS internals, filesystem- as well as memory-forensics and have some initial knowledge about the tooling and procedures for conducting live responses. Furthermore, you should be experienced in conducting state- and event-based analyses. The ideal candidate has a experience with automating the construction of analysis environments and the analysis steps itself.

Schlagwörter:

Forensics, Live Analysis

Bearbeitungszustand:

Die Arbeit ist bereits vergeben.