I have an open position for a Ph.D. student working on process tracking for forensic readiness in operating systems.
There are clear instructions in the announcement on how to apply. Nevertheless, I sometimes get emails that are not aimed at the announced position. Take a look at the picture. The candidate is "extremely motivated to apply".
So motivated, in fact, that the candidate did not bother to disguise that the email was composed of old text.
- My name and institution appear in a different colour than the rest of the text.
- The motivation letter mentions Quaternion Fourier Transform and a background in signal processing – completely irrelevant to the announced position.
- The PDF file of the motivation letter was created three months before the position was announced.
Please tailor your application to the position announcement. If you want to work with me for three years, I expect you to invest more than just two minutes into composing your application.
The announcement itself:
Forensic analysis of computer systems suffers from a sparseness of logging of events. It would be desirable to have a log of all state-changing activities of important processes, analogous to a flight data recorder used to investigate plane crashes. Growth in computational power and storage capacity appears to make comprehensive traceability feasible. Traceability provides evidence that can be used in a legal process to achieve accountability of entities. Logging and versioning are features increasingly being integrated into platforms and are also mentioned as part of the CRA Grand Research Challenge 4 in Information Systems ("Build Systems You Can Count On").
Challenges that should be addressed by the research include:
- What are the state-changing activities of processes?
- How effective, efficient, and expensive is comprehensive process activity tracking?
- Which hardware/software architecture facilitates process activity tracking?
- What are privacy implications for users of systems that support comprehensive traceability?
- How does comprehensive traceability affect evidence gathering and the legal process?
- How can traceability be generalised to a "unified theory" of database transactions, configuration changes in system management, and event recovery in forensic investigation?
Methods that can be applied are modelling of operating system and protection mechanisms, architectural analysis of system designs, reasoning about traceable state changes, vulnerability analysis of logging infrastructure, and a feasibility study of comprehensive traceability by prototypical development.
Specific background and skills in one or more of the following areas are highly desirable:
- Degree in Computer Science or Engineering with a solid background in operating systems and their APIs, i.e., intimate familiarity with Windows and/or Linux
- Software development skills
- Willingness and ability to communicate with people who do not have a technical background.
Check the official announcement for instructions on how to apply.