College of Arts and Sciences - Department of Computer Science and Statistics - Digital Forensics

• Digital Forensics
  Home
• Degree and
  Certificate Programs
  • Undergrad Minor
  • Professional Certificate
  • Graduate Certificate
  • Masters and PhD Programs
• Course
  Descriptions
  • HPR 108B
  • COMI 8035
  • CSC 414
  • CSC 491
  • CSC 485
  • CSC 486
  • CSC 499
  • CSC 585
  • CSC 586
  • CSC 590
  • CSC 592
  • CSC 599/699
• Faculty and Staff
• Research
• Internships
• FAQ

Digital Forensics Research

The University of Rhode Island's Digital Forensics Program is a national leader in digital forensics research and development, with over two million dollars in federal funding from the U.S Department of Justice, the U.S National Science Foundation, and the U.S. Dept of Homeland Security.

Faculty-supervised research, to varying levels, is required in the Graduate Certificate, Masters, and PhD programs in Digital Forensics. We also strongly encourage undergraduates to become involved in the research programs.

Selected current research projects include:

• Steganography Detection - Steganography is the art of hiding data in plain sight. Criminals use this technique and advanced computer knowledge to hide data inside seemingly harmless files (image files, music files, text files, etc). This technique is so advanced that no human can visually detect that a specific file has hidden data in it. The URI research group on Steganography Detection, under a U.S. Dept of Justice-sponsored project, is creating sophisticated machine-learning software that will assist law enforcement in the detection of data that has been hidden through steganography, on a computer.
  
  
• Software Write Blocking - Software write blocking allows forensic examination of digital media without the examination altering process the evidence, which could compromise its admissibility in court. Current practice is to use hardware write blockers, which are expensive, slow, and cumbersome. URI's research into software write blocking techniques have led to the commercial software write blockers and Windows forensic boot disk sold through ForensicSoft Inc, which are faster, more flexible, less expensive, and block more interfaces (SAS, RAID, etc) than hardware write blockers.
  
  
• Human Image Detection - The average computer has hundreds of thousands of images stored on its hard drive. When law enforcement is involved in an investigation that involves finding pictures containing humans, such as pornography or child pornography, they must manually search through each of these hundreds of thousands of images to find what they are looking for. The URI research group on Human Image Detection, under a U.S. Dept of Justice-sponsored project, is creating software trained with law enforcement criteria that will assist law enforcement in the detection of these images, thus greatly reducing the number of hours that law enforcement spends on these types of investigations.
  
  
• Network Boot Disk - Acquiring data in a network environment presents challenges to law enforcement including accessing servers with unique hardware and drivers, hardware and software RAIDs, and the need for remote access to some data centers. Currently there are no tools in the industry to help law enforcement solve these issues in a forensically sound manner. The URI research group on Network Boot Disks, under a U.S. Dept of Justice-sponsored project, is developing a Windows Boot Disk that will address these challenges in an easy to use familiar environment.
  
  
• Search String Support - Current tools make it easy for law enforcement to search evidence for individual key terms and single words. However, when law enforcement wishes to complete a more advance search, such as for phone numbers or credit card numbers, the technique becomes much more difficult. While most forensic tools have the capability to use regular expressions for searching, the technique of generating efficient, effective, and accurate regular expressions is quite difficult. Making the problem worse is the fact that there is no sharing of these regular expressions among law enforcement investigators. As a result each investigator spends a huge amount of effort coming up with regular expressions that someone else has probably already created at a previous date. The URI research group on Search String Support, on a U.S. Dept of Justice-sponsored project, is working on a web-based interface that will assist law enforcement in generating these regular expressions and serve as a repository for previously generated search expressions.
  
  
• Centralized Digital Forensics Analysis - URI is developing a standard architecture, software suite, and set of procedures for centralized digital forensics analysis. The notion is that organizations can focus their digital forensics analysis in a centralized facility while allowing remote access for case analysis. URI's Digital Forensics Research Group is currently contracted by the Rhode Island State Police, on a U.S. Dept of Homeland Security project, to develop a centralized digital forensics lab for the entire state of Rhode Island. In this lab, trained digital forensics law enforcement personnel manage the evidence at the centralized facility, while lesser-trained "case officers" search and bookmark the evidence. This design realizes a huge cost savings in equipment and training while offloading searching and case-specific work from the trained digital forensics personnel. URI's research and development into secure, forensically-sound, easy-to-use techniques is making this possible and will serve as a model that we export to other organizations.

Apply Now

Apply Now to the University of Rhode Island.

Apply Now to the Digital Forensics Undergraduate Minor.

Apply Now to our Digital Forensics Professional Certificate Program.

Apply Now to our Digital Forensics Graduate Certificate Program.

Coming Soon

Starting in Spring 2010 URI will be offering a full course in EnCase Forensics Software. This course will be eligible to any student who is currently enrolled in one of the degree or certificate programs and has successfully completed CSC485 or CSC585. Enroll now to be one of the first students eligible. Students who complete the course will be eligible to take their EnCe certification test.