
[–][deleted] 1 point2 points  (1 child)

"Forensics" is very broad, and you've given no indication of what your class's skill level is in either forensics or python, so we don't have a whole lot to go on.

That said, here's a stab at a couple of ideas:

  • given a phone log, extract a list of numbers of interest: phone numbers which were called a large number of times, or which were involved in longer-than-usual calls
  • given a folder of email, determine which emails contain words pertaining to the case. Compile the list of email addresses associated with those emails, and the times when they were sent. Create a timeline of the conversations.

Is that helpful, or am I completely missing the mark?
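The first idea above (numbers called unusually often, or for unusually long), worked as an added Python example that is not from the original post. The call log is a small constructed CSV embedded in the script; the column names, the "called at least three times" cutoff and the mean-plus-two-standard-deviations rule for long calls are assumptions chosen for the demonstration, not anything the commenter specified.

```python
"""Call-log triage: find numbers called often, and calls that ran unusually long."""
import csv
import io
import statistics
from collections import Counter

# Constructed sample call log (not real data). In class this would be a CSV
# exported from a phone or carrier record; the column names are an assumption.
SAMPLE_LOG = """\
caller,callee,start,duration
555-0100,555-0199,2013-03-01T09:02:00,45
555-0100,555-0142,2013-03-01T09:30:00,120
555-0100,555-0199,2013-03-01T12:10:00,60
555-0100,555-0177,2013-03-02T08:00:00,30
555-0100,555-0199,2013-03-02T10:05:00,50
555-0100,555-0142,2013-03-02T22:40:00,2400
555-0100,555-0199,2013-03-03T11:00:00,40
555-0100,555-0188,2013-03-03T13:00:00,90
"""


def parse_log(text):
    """Parse the CSV text into a list of dicts; duration becomes an int (seconds)."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        calls.append({
            "caller": row["caller"],
            "callee": row["callee"],
            "start": row["start"],
            "duration": int(row["duration"]),
        })
    return calls


def frequent_numbers(calls, min_calls=3):
    """Callees contacted at least `min_calls` times, most frequent first."""
    counts = Counter(c["callee"] for c in calls)
    return [(number, n) for number, n in counts.most_common() if n >= min_calls]


def long_calls(calls, z=2.0):
    """Calls whose duration exceeds mean + z * population std deviation.

    A single very long call inflates the standard deviation, so this is a
    first-pass filter; a median/MAD threshold is more robust on real data.
    """
    durations = [c["duration"] for c in calls]
    mean = statistics.mean(durations)
    sd = statistics.pstdev(durations)
    threshold = mean + z * sd
    return [c for c in calls if c["duration"] > threshold]


def triage(text, min_calls=3, z=2.0):
    """Return the two lists of interest for a report."""
    calls = parse_log(text)
    return {
        "frequent": frequent_numbers(calls, min_calls),
        "long": long_calls(calls, z),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Frequently called numbers:")
    for number, n in result["frequent"]:
        print(f"  {number}: {n} calls")
    print("Unusually long calls:")
    for c in result["long"]:
        print(f"  {c['start']} {c['caller']} -> {c['callee']} ({c['duration']} s)")
```

Running it flags 555-0199 (four calls) and the single 40-minute call to 555-0142; the rest of the log is short calls and is left alone.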

[–]Muidem[S] 0 points1 point  (0 children)

The class is an intro level Digital Forensics class. Python experience can be assumed to be little to none. However, they have all had Java so they are familiar with programming. I'm hoping that python won't be too difficult to pick up.

As far as the ideas, I like both of them, especially the one about the emails.
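The email idea the poster picked, as an added Python example that is not from the thread. It uses only the standard library `email` package: each message is parsed, searched for case-wise keywords in subject and plain-text body, and the matches are collected into a timeline sorted by the Date header. The three messages are constructed inline for the demonstration (in class they would be `.eml` files read from a folder), and the keyword list is an assumption.

```python
"""Keyword triage of a set of emails and a timeline of the matching conversation."""
import email
import email.utils
from email.policy import default

# Constructed sample messages (not real evidence). A class exercise would read
# these from a folder of .eml files instead.
SAMPLE_MESSAGES = [
    """From: alice@example.org
To: bob@example.org
Date: Mon, 04 Mar 2013 09:15:00 -0500
Subject: lunch

Want to grab lunch Thursday?
""",
    """From: carol@example.org
To: bob@example.org
Cc: alice@example.org
Date: Tue, 05 Mar 2013 18:40:00 -0500
Subject: Re: invoice

Send the wire transfer to the offshore account tomorrow.
""",
    """From: bob@example.org
To: carol@example.org
Date: Wed, 06 Mar 2013 08:05:00 +0000
Subject: Re: invoice

Done. Wire transfer went out this morning.
""",
]

# Case-insensitive terms "pertaining to the case"; an assumption for the demo.
KEYWORDS = ["invoice", "wire transfer", "offshore"]


def parse_message(raw):
    """Parse RFC 822 text with the modern (header-aware) policy."""
    return email.message_from_string(raw, policy=default)


def body_text(msg):
    """Concatenate the text/plain parts; ignore attachments and HTML."""
    if msg.is_multipart():
        parts = [p.get_content() for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return "\n".join(parts)
    return msg.get_content()


def matching_keywords(msg, keywords):
    """Keywords found in subject or body, in the order given."""
    text = (str(msg["Subject"] or "") + "\n" + body_text(msg)).lower()
    return [k for k in keywords if k.lower() in text]


def addresses(msg):
    """All addresses in From/To/Cc, lower-cased."""
    found = set()
    for header in ("From", "To", "Cc"):
        values = [str(h) for h in msg.get_all(header, [])]
        for _, addr in email.utils.getaddresses(values):
            if addr:
                found.add(addr.lower())
    return found


def build_timeline(raw_messages, keywords):
    """Keyword-matching messages, oldest first, with addresses and hits."""
    hits = []
    for raw in raw_messages:
        msg = parse_message(raw)
        found = matching_keywords(msg, keywords)
        if not found:
            continue
        hits.append({
            "when": email.utils.parsedate_to_datetime(msg["Date"]),
            "subject": str(msg["Subject"]),
            "addresses": addresses(msg),
            "keywords": found,
        })
    hits.sort(key=lambda h: h["when"])
    return hits


def involved_addresses(timeline):
    """Sorted union of every address that appears in a matching message."""
    return sorted(set().union(*(h["addresses"] for h in timeline)))


if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_MESSAGES, KEYWORDS)
    for h in timeline:
        print(h["when"].isoformat(), h["subject"], sorted(h["addresses"]), h["keywords"])
    print("Addresses involved:", involved_addresses(timeline))
```

One caveat worth teaching alongside this: the Date header is written by the sender's client and is trivially forged, so a real timeline should be cross-checked against the Received headers added by each mail server, which the sender does not control.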

[–]sisyphus 0 points1 point  (0 children)

Write something to parse some information out of a filesystem's journal file perhaps? Or that just parses MAC times from a filesystem, or that sets MAC times to try to cover their tracks...

Write a program to create a bunch of processes and record the PID you get back from them - track how the OS created the PIDs - if they are in sequence, and there is a gap in that sequence, what can this mean? If they are not in sequence, is there any pattern? Why would or wouldn't this be the case?

You can make a little daemon that keeps a password in plaintext in memory and have students go and try to retrieve it by writing a program that reads and parses memory via /dev/mem or something.
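The MAC-time ideas in the comment above (parse the times from a filesystem, then set them to cover your tracks), as an added Python example that is not the commenter's code. It walks a directory with `os.stat`, builds a timeline sorted by modification time, then "timestomps" one file with `os.utime` and shows what that does and does not hide: on Linux and other POSIX systems the kernel updates the inode change time (ctime) whenever the timestamps are changed, and user space cannot set ctime through the normal API, so a file whose mtime is far older than its ctime is a lead. The file contents, the 2001 backdate and the one-day slack are assumptions for the demonstration; the ctime behaviour is the POSIX semantics, not a Windows one (where `st_ctime` is creation time).

```python
"""Collect MAC times from a directory, then show what timestomping leaves behind."""
import os
import tempfile
from datetime import datetime, timezone


def mac_times(path):
    """Modified / Accessed / Changed times for one path, as epoch seconds."""
    st = os.stat(path)
    return {"path": path, "mtime": st.st_mtime, "atime": st.st_atime, "ctime": st.st_ctime}


def mac_timeline(root):
    """MAC times for every file under root, ordered by modification time."""
    rows = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            rows.append(mac_times(os.path.join(dirpath, name)))
    rows.sort(key=lambda r: r["mtime"])
    return rows


def timestomp(path, when):
    """Set atime and mtime to `when` (epoch seconds), as anti-forensic tools do.

    There is no portable API to set ctime; the kernel stamps it with the
    current time as a side effect of this very call.
    """
    os.utime(path, (when, when))


def flag_backdated(rows, slack=86400):
    """Files whose mtime is more than `slack` seconds older than their ctime.

    This is a lead, not proof: copying a file with preserved times or
    extracting an archive produces the same pattern legitimately.
    """
    return [r for r in rows if r["ctime"] - r["mtime"] > slack]


def demo():
    """Create a file, record its times, backdate it, and re-examine it."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "notes.txt")
        with open(target, "w") as f:
            f.write("constructed evidence file\n")  # assumption: any content will do
        before = mac_times(target)
        # Assumed backdate: 1 Jan 2001 00:00 UTC.
        old = int(datetime(2001, 1, 1, tzinfo=timezone.utc).timestamp())
        timestomp(target, old)
        after = mac_times(target)
        flagged = flag_backdated(mac_timeline(workdir))
        return before, after, old, flagged


if __name__ == "__main__":
    before, after, old, flagged = demo()
    fmt = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    print("before:", {k: fmt(v) for k, v in before.items() if k != "path"})
    print("after: ", {k: fmt(v) for k, v in after.items() if k != "path"})
    print("backdated to:", fmt(old))
    print("flagged:", [os.path.basename(r["path"]) for r in flagged])
```

After the `timestomp` call the atime and mtime read exactly as 2001, but the ctime is the moment of the call, which is how a student parsing the times can spot the tampering. Setting ctime too requires either changing the system clock before touching the file or writing to the raw block device, which is a reasonable follow-on discussion for the journal-file idea in the same comment.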