Work
Areas of Research
Video Game Device Forensics
As modern video game devices become more and more akin to personal computers, it is imperative that law enforcement agencies and academia alike gain a better understanding of these devices and how they can be used to engage in illegal activities.
IM Client Forensics
IM (instant messaging) clients are primarily used for engaging in real-time conversations with one or more persons via the exchange of text messages. Modern IM clients, however, are capable of file transfers, photo-sharing, and much more. The data left behind by these activities can be a goldmine for investigators.
Windows Jump List Forensics
Jump lists, a feature found in the Windows 7 operating system, have the potential to be a good source of evidence in certain situations. Windows keeps a list of files opened by programs pinned to the taskbar, which can provide information about a user's activities with media players, image viewers, and other programs.
Online stalking, harassment, and attacks
The prevalence of social media has made it much easier for pranksters and stalkers to find highly sensitive personal information about their targets. Understanding the tools and techniques the criminals are using is the first step in protecting existing and potential victims from harassment.
Current Projects
ConsoleForensics.com
A centralized collection of papers and tools relating to the field of video game device forensics.
Windows Jump List Extractor
Working title. A tool to extract data from Windows 7 Jump Lists and display it in a convenient format. This project is on hold pending further research into the internal structure of Jump Lists.
Completed Projects
Chat Sniper
A tool similar to Pidgin Hunter, but able to retrieve and analyze data left by other chat clients (AIM, MSN (Live), and Yahoo). This project is complete and Chat Sniper is now available for purchase.
Pidgin Forensics: Pidgin Hunter
Pidgin is a multi-protocol instant messaging client available on many operating systems. This project produced an automated tool designed to assist law enforcement in the acquisition and analysis of data left by Pidgin. Although this project is completed, Pidgin Hunter is still maintained and feature requests/bug reports are encouraged. Please see the dedicated page for more information.
