or
Looking to list your PhD opportunities? Log in here.
In computer forensics, investigators need to be able to analyse storage devices. Storage devices tend to store information in blocks, and the arrangement of blocks in a certain order is the thing which represents a data object. However, if the information about each block is lost, then it can almost impossible to piece the blocks back together in order to reform all the data objects. In storage drives, each block is arranged into file objects using the filesystem metadata. If this metadata is lost or deleted, recovery is challenging. Such recovery might be useful during a forensic examination of a drive where some of the data was deleted. Some work has been done in this area of forensics, but the processes are mechanical and the effectiveness limited to only certain cases.
Blocks themselves can be any sort of data, so categorising each block is a good first step. In a file system this could for instance be differentiating pdf blocks from jpeg blocks. Some algorithms exist already in this area, but these are largely algorithmic and lack high precision. Joining different blocks of the same time together to form the original file or memory object would also be a useful step, and this is certainly an area with many opportunities to explore.
Many current approaches rely on the hope that a single data object will most likely be available in contiguous blocks. Such unfragmented sets of data blocks is relatively easy to extract. However many filesystems now utilise non-contiguous areas regularly, instead using tree-based version branching for files which leads to greater degrees of fragmentation and of block reuse between file versions. In addition, the continuous switch to solid-state storage devices can further confound the process, where such memory blocks are highly fragmented in the storage layer, and where blocks may be more easily recovered than the mapping tables in the storage manager.
This PhD proposes to examine block-based data found in a variety of storage systems, and develop systems to analyse data blocks and understand how such blocks relate to each other through the use of artificial intelligence. Such techniques could be neural networks or based on data mining approaches. In block-storage systems the resulting methodologies should allow whole files to be recreated without referencing the accompanying metadata.
Academic qualifications
A second class honour degree or equivalent qualification in Computing.
English language requirement
If your first language is not English, comply with the University requirements for research degree programmes in terms of English language.
Application process
Prospective applicants are encouraged to contact the supervisor, Dr. Gordon Russell ([Email Address Removed]) to discuss the content of the project and the fit with their qualifications and skills before preparing an application.
The application must include:
Research project outline of 2 pages (list of references excluded). The outline may provide details about
The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.
Applications can be submitted here.
Download a copy of the project details here.
Based on your current searches we recommend the following search filters.
Check out our other PhDs in Edinburgh, United Kingdom
Start a New search with our database of over 4,000 PhDs
Based on your current search criteria we thought you might be interested in these.
Forensic storage carving using AI
Edinburgh Napier University
Enabling CO2 Capture and Storage Using AI
Heriot-Watt University
Developing Hydrogen Storage Materials Using Advanced Manufacturing Methods
University of Aberdeen