Hi,

What you proposed is more a subject for Intrusion Detection than forensics. Forensics is post mortem.

What about researching ways to gather info on a live system without compromising evidence? I think that would be revolutionary. Methods for gathering info from RAM, SWAP. Standardisation of evidence gathering....

Cheers

> -----Original Message-----
> From: Christian Kruggel [mailto:secadminat_private]
> Sent: Monday, 18 March 2002 19:54
> To: mstevenson
> Cc: forensicsat_private
> Subject: Re: Suggestions for research
>
> Hi Matthew!
>
> I'm not too involved in security matters but to me there seems to be a
> lack of method. Examination of incidents mostly comes post-mortem and is
> case-based. As far as I know there is only little *software* to detect
> abnormal traffic.
>
> To me the many practical computer-related problems boil down to the
> question whether you have got a suitable model to describe normal states
> and abnormal ones.
>
> How about a statistic-focused PhD about special kind of traffic that
> allows to predict that a network will face serious problems?
>
> Take care,
>
> Christian
>
> mstevenson wrote:
>
> > Hello,
> >
> > I know that most of you are practitioners in this field (as I am), but
> > I decided to give it a shot anyway.
> >
> > I'm starting a Ph.D. in CS and I want to research on computer
> > forensics. However, my advisor knows very little about forensics, and
> > I'm having a difficult time trying to find a suitable research topic.
> >
> > Does anybody here have a suggestion? Perhaps some crazy idea you had
> > but you thought, "Oh, only in grad school I'd have the time to try it"?
> >
> > Thanks for your input,
> >
> > --
> > Matthew K Stevenson
> > mstevensonat_private
> >
> > -----------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Tue Mar 19 2002 - 08:59:16 PST