My doctorate is from Purdue University, where I studied computer forensics as a CERIAS student in information assurance and security. My research is applied research aimed at solving problems in this space, concentrated on a few specific areas of the domain. Because funded research rarely aligns with a single narrow concentration, I maintain a portfolio of ongoing projects within the same general focus area. I especially enjoy working on diverse multi-disciplinary projects that span an entire university system to solve real-world problems.
Computer forensics comprises several subfields: forensic analysis of information at rest, information being processed, and information in transit. I am especially interested in live forensics for the attribution of cyber attacks and conflict. I have written extensively on patterns of cyber warfare and on paradigms of how war is carried out. Helping the experts who work within this domain build a shared understanding is an important and highly fundable opportunity; significant interest (DoD, DOE, DARPA, IARPA, ONA) has begun to develop around formalizing understanding at this level.
I have begun research into the methods and practices of digital investigation in cases where technology has outstripped the law enforcement precepts of motive, means, and opportunity. Numerous agencies would be interested in funding this kind of research (IARPA, NIJ, FLETC, DOJ, etc.).
Evidence-based information assurance and security has gained some traction recently. The risk management paradigm of information assurance and security has been written about extensively, but specific applied research areas within it remain remarkably under-researched and highly fundable by external agencies. The basic risk model, a threat exploiting a vulnerability to overcome a countermeasure and produce some associated impact, is well documented, if not always instantiated in policy. What is remarkable is how much work has been done on the threat side of that heuristic and how little on the topology, ontology, and forensics of vulnerabilities. This kind of research is of interest to external funders such as NSF, DARPA, various corporations, and government agencies, and it is informed by network forensics and malware analysis.
Though the media is filled with anecdotes purporting to be cyber warfare, actual research into conflict within the domain of cyberspace has been fairly limited. Far more than computers attacking computers, and much more than information assurance and security alone, this area is filled with interesting questions, funding opportunities, and associated contracts with government agencies and corporations. Understanding the mechanisms, ontologies, taxonomies, and problems of definition is only a first small step. Beyond that lie the mechanisms of high-speed attribution, targeting, tactics and techniques, resilience that allows continued operations, and much more. Numerous Broad Agency Announcements (BAAs) each year solicit work on these topics.
There is an emerging discussion that I would like to bring to an organization; it would place that organization at the leading edge and likely in an instant leadership position. Though it seems simplistic, the area is a point of convergence. The Internet of Things is fairly well understood, but what has been happening is that everything from a vehicle network to a small appliance network in the home has been networked. With the addition of medical devices and human prosthetics, including brain-computer interfaces, the man-machine interface described by Norbert Wiener is approaching what Ray Kurzweil calls the singularity. This is obviously a fairly well-developed concept. The open questions are practical ones. How do you do forensic analysis on the embedded network of a car when that network is the point of ingress into an enterprise network, which is then used to exfiltrate national security information that may cross many different legal jurisdictions? How do you prepare a risk analysis for this newly emerging domain of problems? Finally, what are the opportunities and risks of prosecuting a cyber attack against infrastructure of this nature?