Current Funded Projects

Science Foundation Ireland LERO Irish Centre for Software Excellence (2015-2020)

In this project DigitalFIRE explores probabilistic approaches to construction and automated analysis of approximate models for digital forensic analysis. The first objective of this project is to construct efficient algorithms for approximate digital forensic inference, that offer controlled and measurable estimation of reasoning and can trade-off consumed computational resources vs precision of inference.  A proof-of-concept automated analysis system is being developed for an industrial partner.  The second objective of the project is to improve the usability of automated forensic inference algorithms by exploring intuitive human-machine interface concepts and visualisation techniques that improve performance of a human analyst.

Paricipants: Lee Tobin, Alex Peña, Babak Habibnia, Paulo Roberto Nunes de Souza, Pavel Gladyshev


Past Funded Projects

Science Foundation Ireland LERO2 ManSec project: Digital Forensics in the Cloud (2011-2015)

Information security measures can be divided into preventative (e.g. encryption and other access control mechanisms), and reactive (investigations). The preventative aspect of the IT cloud security is an area of active research and development, while the reactive aspect of cloud security is much less developed and understood. This project studies problems connected with the investigation of crimes and non-criminal incidents involving cloud computing services. This project is conducted in close collaboration with IBM and the proposed solutions are tested in the context of IBM Cloud-based services.

Paricipants: Alan Hannaway, Ahmed Shosha, Liban Mohamud, Seang Chiw, Lee Tobin, Pavel Gladyshev

EU FP7 AFTER project (2010-2014)

AFTER project addresses the challenges posed by the need for vulnerability evaluation and contingency planning of the energy grids and energy plants considering also the relevant ICT systems used in protection and control. The main addressed problems are related to high impact wide spread multiple contingencies, the most significant wide area criticality. This kind of contingencies and the following cascading effects can be caused by deliberate acts of terrorism, sabotage, criminal activity, malicious behaviour etc or they can simply be caused by a combination of accidents, natural disasters, negligence.

DigitalFIRE tasks are centered at the development of adaptive algorithms for automated detection of physical intrusions into objects of electric power grid infrastructure.

Participants: Ahmed F. Shosha, Jing Xe, Pavel Gladyshev

 Science Foundation Ireland AER project (2007-2009)

The number and severity of crimes involving computers and the Internet is increasing, which makes investigation of such crimes a matter of high social importance. Despite existence of semi-automatic specialist tools, investigation of computer crimes remains a highly time- and labour-consuming process, and its further automation is desirable to increase productivity of the investigators. This project developed improved methods and algorithms for automatic reconstruction of events in computer crimes and incidents based on Finite State Machine theory of digital investigation.

Participants: Yuandong Zhu, Joshua I. James, Pavel Gladyshev

Science Foundation Ireland Short Term Travel Fellowship (2009-2010)

Research into real-world digital forensic practices for the development of highly automated tools to increase speed and efficiency of forensic investigations.

Participants: Joshua I. James,  Bernhard Otupal, Pavel Gladyshev

Enterprise Ireland DARE project (2010)

Data recovery is a growing market. An estimated 300000 hard disk drives are sent for data recovery every year with the cost of recovery ranging from several hundred to several thousand euro. The mainstream method of recovering data from failed hard disk drives consists in the replacement of the failed components and copying the data from the failed disk to another storage device. The component replacement method is of limited use if the magnetic medium is damaged. For example, if the disk surface is scratched by a failed magnetic head, the replacement head can be destroyed by the roughness of the scratched surface. As a result, several head replacement procedures may be required to recover all of the remaining data from such a drive. This project explored the possibility of recovering data from failed drives by reading the data directly from the magnetic medium (including damaged magnetic disk platters) using a spin stand and a third-party nanomagnetic sensor.

Participants: Cormac Doherty, Pavel Gladyshev

Enterprise Ireland INCUS project (2011-2012)

This project was a continuation of AER project, which generated a number of patentable technologies. The main contribution of InCUs is the re-implementation of AER algorithms in the form of a marketable technology. Unlike AER software, InCUs was designed from the ground up to minimise impact on the potential evidence. It includes clean room re-implementations of parts of functionality of Windows OS components including NTFS, Windows Registry, and Internet and Windows Explorer  In addition, under InCUs project extensive research into event reconstruction methodologies was performed along with identifying and reverse-engineering specific artifacts in recent Windows operating systems that change along side user actions.

Participants: John Michael Harkness, Barry Denby, Pavel Gladyshev

Science Foundation Ireland Short Term Travel Fellowship (2012)

Ireland and South Korea as case studies: Identification of international trends in digital crime, investigation procedures and law, and the development of tools and processes to manage these trends.

Participants: Joshua I. James, Yunsik “Jake” Jang, Joe Carthy, Pavel Gladyshev