Ideas list

Contents 1 Modules 1.1 Specific file Format 1.1.1 Office 1.1.2 File System 1.1.3 Android NAND dumper 1.1.4 Volumes 1.1.5 Mailbox 1.2 Disasembly 1.3 Copy on Write 1.4 Network Analysis 1.5 Network connector 1.6 Image detection algorithm 1.7 OCR for indexation 2 API 2.1 Datastructure description language 2.2 Normalizing times 3 GUI 3.1 Advanced Node view 4 UI 4.1 Web Based User Interface

Modules

Specific file Format

Office

• An office (.doc, .odt, .ppt, ...) document reader and metadata extractor

File System

• HFS+
• JFFS
• CDFS
• UFS
• XFS
• Encrypted FS
• YAFFS 1/2
• JFFS
• BTRFS

Android NAND dumper

• based on tools developed by xdadevelopers (http://svn.infernix.net/nandroid/nandroid.sh), develop a NAND dumper for phones based on Android.

Volumes

• RAID reconstruction

Develop modules capable of mounting the file system on DFF and recover deleted files.

Mailbox

• Lotus notes

Disasembly

• Use open-source library like distorm to add disasembly capabilities to DFF (For examples in the hexeditor)

Architecture supported must be : arm (for cellphone analysis), X86 or amd 64

Copy on Write

• Develop a copy on write modules or directly in the API based on MFSO or made from scracth the goal is to permit

to modify some damaged bytes of a file system to made it readble by other modules. ( Partition and file system reconstruction for examples). Must be able to replace shm/touch modules.

Network Analysis

• Network analysis modules for getting NBE (network based evidences) out of PCAP files

Network connector

• Developement of network connector (could be use insted of local/devices/ewf/... modules) that connect to a remote computer

and permit access to the devices or files of the computer. (simple ftp modules, sftp, or windd network compatible modules, devices network connector, ...)

Image detection algorithm

• A skin detection algorithm (could be based on open CV for examples)

OCR for indexation

• An OCR modules that can extract text from images or other document to add the content the indexation engines.

(could be based on tesseract)

API

Datastructure description language

• Develop a DSL or something that can permit to describe binary datastructure.

This must be usable to carve the datastructure, use coloration in the hexviewer or to develop modules more easily.

Normalizing times

• Describe all times based on UTC, or timezone of the current case ; should be configured by analyst
• Be able to time-shift every children of one node, clock of any analyzed source if often out of synchronization of a few minutes.

GUI

Advanced Node view

• A 3D or 2D view permitting to see nodes as graph rather than tree
• A tree mapview (like KDirStat , GDMap, xdiskusage )
• A baobab like view

UI

Web Based User Interface

• A web based user interface to use DFF could permit multi-user access a case as same time on distant server more easily