Wednesday, January 26, 2005

Conducting Research

I've been wondering for a while now about the status of computer forensics research and publication. Regarding 'research', I'm not talking about the academic kind, where a couple of grad students complete projects for a PhD. What I'm talking about is folks in the industry following a rigorous methodology for discovering and verifying something, or answering a question.

I wonder about this, because I do some of this myself. In fact, I'm working with someone now on a project that involves the use of USB-connected storage devices on Windows systems. Some of the things we're doing that are holding the research up are verification of findings, as well as trying to get documentation from Microsoft to support our findings.

In conducting searches for information, it's become pretty clear that either this sort of research isn't going on, or it's simply not publicly available.

What're your thoughts on the topic? Have you published something that you've fully documented, and made it publicly available?


Anonymous said...

I went through this exact quandary a while back. There are at least two academic journals on computer forensics, The International Journal of Digital Evidence, which is freely available on the web, and Digital Investigation, a high-cost journal. I've published in the former as I wanted my work to be freely available to all. -- Jesse

Keydet89 said...
Like you, I've published in the Digital Investigation Journal; I just received notification that my second article will be published. I also present at conferences. However, I'm not seeing a great deal of info out there in other sources besides those that have been mentioned.

Anonymous said...

Yep. This happens with nearly every interesting case, whether it's an issue of time and date stamps that hasn't been covered in publicly available sources, the internal file metadata for particular compound files, or the behavior of compiled code.
We never publish though. There is little point to it, unfortunately. There are no publications that are authoritative or useful yet. Computer security weenies chatter too much on the more popular forums.
With any luck, certain organizations will step forward and publish restrictions on the field. At that time, I believe that worthwhile publications will emerge.
-- M