I was pleased to hear what Marcus Sachs is working on, courtesy of an interview by Illena Armstrong and Marcia Savage in this month's SC Magazine. I first met Marcus when I was an Air Force captain at the AFCERT and he was an Army Major at the JTF-CND.
Marcus mentioned a project that caught my attention:
"We're also building a database of large data sets collected from the internet. The intent is to help researchers who might be working on a new security device.
Rather than trying to connect to their own networks and pull live data in from their university network, or wherever they are doing the research, we want to provide them with real data sets that have been collected from the internet, but properly sanitized and anonymized...
In a technical sense, this is easy. All you have to do is hook a computer up and start recording. But you end up picking up a lot of private information. We have been working on this with lawyers, the Electronic Privacy Information Center (EPIC) and the Electronic Freedom Foundation, among others.
This is going to be remarkable because we'll be able to create anonymous data sets that actually reflect what the hostile internet looks like, but that the privacy people are OK with. Both the public and the private sector will have access to this database, but they will have to be vetted if they want to use it. If Al Qaeda wants access, we won't grant it, but if the Atlanta Police Department wants to train some cybercops, then that's cool.
SC: When will this be done?
Sachs: We're getting close. We could see this come online later this year or early next year. We're just working out the last details with the lawyers."
This sounds very interesting, and similar to OpenPacket.org. When I finally get some time to work on OpenPacket, it should be similar to Marcus' project. However, I don't intend to limit who can download the data. I plan to host network traffic in Libpcap format. I wonder if Marcus will offer the same, or more (hard drive images, like our book Real Digital Forensics, maybe).