Don't miss our weekly PhD newsletter | Sign up now Don't miss our weekly PhD newsletter | Sign up now

This project is no longer listed on FindAPhD.com and may not be available.

Click here to search FindAPhD.com for PhD studentship opportunities
  Dr G Russell, Assoc Prof Rich McFarlane  Applications accepted all year round  Self-Funded PhD Students Only

About the Project

In computer forensics, investigators need to be able to analyse storage devices. Storage devices tend to store information in blocks, and the arrangement of blocks in a certain order is the thing which represents a data object. However, if the information about each block is lost, then it can almost impossible to piece the blocks back together in order to reform all the data objects. In storage drives, each block is arranged into file objects using the filesystem metadata. If this metadata is lost or deleted, recovery is challenging. Such recovery might be useful during a forensic examination of a drive where some of the data was deleted. Some work has been done in this area of forensics, but the processes are mechanical and the effectiveness limited to only certain cases.

Blocks themselves can be any sort of data, so categorising each block is a good first step. In a file system this could for instance be differentiating pdf blocks from jpeg blocks. Some algorithms exist already in this area, but these are largely algorithmic and lack high precision. Joining different blocks of the same time together to form the original file or memory object would also be a useful step, and this is certainly an area with many opportunities to explore.

Many current approaches rely on the hope that a single data object will most likely be available in contiguous blocks. Such unfragmented sets of data blocks is relatively easy to extract. However many filesystems now utilise non-contiguous areas regularly, instead using tree-based version branching for files which leads to greater degrees of fragmentation and of block reuse between file versions. In addition, the continuous switch to solid-state storage devices can further confound the process, where such memory blocks are highly fragmented in the storage layer, and where blocks may be more easily recovered than the mapping tables in the storage manager.

This PhD proposes to examine block-based data found in a variety of storage systems, and develop systems to analyse data blocks and understand how such blocks relate to each other through the use of artificial intelligence. Such techniques could be neural networks or based on data mining approaches. In block-storage systems the resulting methodologies should allow whole files to be recreated without referencing the accompanying metadata. 

Academic qualifications

A second class honour degree or equivalent qualification in Computing.

English language requirement

If your first language is not English, comply with the University requirements for research degree programmes in terms of English language.

Application process

Prospective applicants are encouraged to contact the supervisor, Dr. Gordon Russell () to discuss the content of the project and the fit with their qualifications and skills before preparing an application. 

The application must include: 

Research project outline of 2 pages (list of references excluded). The outline may provide details about

  • Background and motivation, explaining the importance of the project, should be supported also by relevant literature. You can also discuss the applications you expect for the project results.
  • Research questions or
  • Methodology: types of data to be used, approach to data collection, and data analysis methods.
  • List of references

The outline must be created solely by the applicant. Supervisors can only offer general discussions about the project idea without providing any additional support.

  • Statement no longer than 1 page describing your motivations and fit with the project.
  • Recent and complete curriculum vitae. The curriculum must include a declaration regarding the English language qualifications of the candidate.
  • Supporting documents will have to be submitted by successful candidates.
  • Two academic references (but if you have been out of education for more than three years, you may submit one academic and one professional reference), on the form can be downloaded here.

Applications can be submitted here.

Download a copy of the project details here.

Computer Science (8)

References

[1] https://www.forensicfocus.com/articles/a-survey-on-data-carving-in-digitalforensics/
[2] https://www.diva-portal.org/smash/get/diva2:1671149/FULLTEXT02.pdf
Search Suggestions
Search suggestions

Based on your current searches we recommend the following search filters.

 About the Project