Jim Jones

Associate Professor
Engineering 3241
Office Hours: T/R 9:00 - 10:30 A.M.
Research Area: Computer Forensics

Jim Jones is an Associate Professor in the Computer Forensics program within the ECE Department. Dr. Jones earned his Bachelor's degree from Georgia Tech (Industrial and Systems Engineering, 1989), Master's degree from Clemson University (Mathematical Sciences, 1995), and PhD from George Mason University (Computational Sciences and Informatics, 2008). He has been a cyber security practitioner, researcher, and educator for over 20 years. During that time, he has led and performed network and system vulnerability and penetration tests, led a cyber incident response team, conducted digital forensics investigations, and taught university courses in cyber security, penetration testing, digital forensics, and programming. Past and current funded research sponsors include DARPA, DHS, NSF, and DoD. His research interests are focused on digital artifact extraction, analysis, and manipulation, and on offensive cyber deception in adversarial environments.

Possible Advisee Scholarly Paper Topics

(Possible Research Topics, BS/MS/PhD)

Title: Noise Reduction for Digital Artifact Collection
Description: Differential file analysis to identify digital artifacts on computing systems suffers from high noise rates on running systems. This project will execute experiments to validate a "parallel fork" approach to noise reduction during artifact collection.
Requirements: Virtual Machine operation and NTFS file system knowledge; some Python and Unix scripting knowledge useful but not required.

Title: Differential Sector Analysis
Description: Differential file analysis is currently used to identify artifacts resulting from an action on a computing device. This project will execute experiments to assess the relative value of a sector level differential analysis compared to file level differential analysis.
Requirements: Virtual Machine operation and NTFS file system knowledge; some Python and Unix scripting knowledge useful but not required.

Title: Android Emulator Fidelity
Description: Emulators are commonly used to conduct controlled experiments. This project will verify the media-level fidelity of the Android SDK virtual mobile device emulator compared to physical Android devices.
Requirements: Basic Android device operation; experience with the Android emulator useful but not required.

Title: Flash Translation Layer Inference
Description: Solid state storage media chips and devices implement a Flash Translation Layer (FTL) which translates logical read and write requests to physical media addresses. This project will experimentally determine the FTL mapping algorithms by comparing patterns of logical and physical data locations.
Requirements: Experience dumping raw data from solid state storage chips; some Python knowledge useful but not required.

Title: Sensor Data Tracking
Description: Physical effects such as light and sound are received by sensing devices, converted to digital forms, and passed to back-end computing devices. This project will explore the possibility of tracing data from the source physical effect to digital media storage on the back-end computing device.
Requirements: Some Python knowledge useful but not required.

Title: Data Hiding in Files and Devices
Description: Digital devices and files contain unused or non-critical locations where extraneous data may be stored with unknown persistence properties. This project will catalog those locations and experimentally establish persistence under various user and system actions.
Requirements: Hex editor experience, low-level file forensics; some Python knowledge useful but not required.

Title: Network Data Manipulation
Description: Network packets may be manipulated inline for various purposes. This project will implement code using Scapy to rewrite arbitrary packets according to a configuration file and dynamic input.
Requirements: Python programming experience and network packet analysis; Scapy experience useful but not required.

Title: Virtual Hard Disk and Memory Manipulation
Description: Virtual hard disks and memory files may be edited in real time by adapting existing tools. This project will adapt these existing tools to rewrite arbitrary disk and memory locations according to user input.
Requirements: Low-level virtual machine knowledge; some programming skills (Python preferred).

Title: Infer Cluster and Sector Size
Description: Some media images are partial, corrupt, or untrusted and do not contain reliable media formatting information such as cluster and sector size. This project will test an approach to analytically determine sector and cluster size from data patterns on the media.
Requirements: Understanding of digital media formats; some Python knowledge useful but not required.

Title: Fragment Dating
Description: Digital fragments in unallocated space are no longer associated with timestamps maintained by the filesystem. This project will date unallocated fragments by studying logically and physically nearby allocated data.
Requirements: Understanding of digital media formats; some Python knowledge useful but not required.


Semester: Spring 2017
Catalog: CFRS 772
Course: Forensic Artifact Extraction
Room: Nguyen Engineering Building 5358
Lecture Times: W: 4:30 pm - 7:10 pm

Senior Design Projects

Title: Active Structural Acoustic Control
Group Members: Philip Case, Andrew Choi, Guilherme Gomes, Eui Kim, Jan-Mikael Suneborn
Semester: Spring 2016

Title: USB Interface Monitoring
Group Members: Sudin Joshi, Ismail Osmanjan, Shambhu Ray, Jeremiah Silverio
Semester: Spring 2014

Title: Deep Packet Manipulator
Group Members: Gaston Cespedes, Kevin Galvin, Jordan Ruthe, Jung-Ho Song
Semester: Spring 2014
