Academic Research 

I am now attached with school of Computing, Science and Engineering, University of Salford, Manchester, United Kingdom (U.K). 

Research Interests

I am interested in technical research in cyber forensics (malware analyzing, big-data investigation, SDN forensics,  IoT investigation) cyber crime (criminology and policy research), anti (online) money laundering and counter terrorism financing, and privacy issues in digital forensics! I have projects for almost all backgrounds/interests but obviously having experience in security or forensics would be a huge advantage, however, you would learn needed security and forensics skills upon joining us! Research on practical aspects of digital forensics is always inspiring me and as such I am planning to extend research in these areas:

Cyber Threat Intelligence and Threat Hunting

Today's adversaries including Advanced Persistent Threat (APT) actors accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defence mechanisms, go undetected during the intrusion, and then remain undetected on networks over long periods of time. In this project we are building tools, techniques and strategies to hunt for attackers’ remnants on different host and network locations and utilise different machine learning and deep learning techniques to analyse collected data and build intelligence that can be used for determining threat actors’ tactics, techniques and procedures (TTPs).

Real-Time Malware Detection and Analysis in Mobile and IoT Networks

Mobile and IoT platforms are the best means of spreading and dispatching malicious programs as these systems are usually lacking of standard detection/protection systems (i.e. Firewalls, IDS,..), end-users are usually not employing any defensive mechanism as well (not even simple anti-viruses), and devices are exposing good processing powers. As such, SMS, MMS and even App stores are heavily used by hackers to disseminate their malicious codes. At the same time, most of transmissions in these environments should happen in real-time (i.e. you can’t wait for 2 hours that your MMS get analysed and then be delivered!). In this project we are developing techniques and tools for real-time analysis and detection of malicious programs with focus on mobile and pervasive systems.

Detecting Software Vulnerabilities and 0-Day Exploits

With the fast growth of IT industry and huge pressure on quickly developing software programs; tones of vulnerabilities are released every day! Timely detection and properly handling these vulnerabilities require a lot of consistent research. Developing (semi) automated tools and techniques for detection of 0-day vulnerabilities and mechanisms to mitigate risks of 0-day exploits are important goals of this project.   

Darknet and Darknet of Things Forensics

In spite of the slim size of Darknet data in compare with Web and Deepnet data; the Darknet information plays significant role in tracing hackers and detection of attackers previous or next movements. As such, Darkent data collection, preservation and analysis techniques play significant role in incident detection, incident handling and digital forensics. This project aims to further current state of art in Darkent data collection and analysis.

Cyber Threat Hunting in Internet of Things (IoT) Networks (both offensive and defensive) 

With the fast integration of computation and networking in all physical process and development of lots of smart-contexts, the spectrum of devices that can be investigated is extensive.  A range of devices and protocols from PDAs and mobile devices to automobiles, sensors, and robots which are interconnected pervasively! The examination of these devices is a crucial component in future legal, governmental, and business investigations. Therefore, we need models and frameworks that for forensically sound collection, preservation, analysis and documentation of evidences in these environments.

Although we do use all sorts of different computer science techniques (e.g., machine learning) in our work, I am only interested in solving forensics/investigation problems, and not interested in advancing the field in other areas. Also, note that I am not interested in Crypto. Intrusion detection in the general sense is not interesting for me. The attacks are more sophisticated and specific, so if you are interested in general IDS research. What we do is related to IDS, but we target more specific problems to have more effective solutions (e.g., APT detection, malware detection, etc).

Future Students & Research Collaboration

I am always looking for active degree, master and Ph.D students and post-doc candidates interested to work in practical aspects of cyber-security and digital forensics! If you are having interests in cyber-security and digital forensics, I would love to hear from you! We can further discuss and define specific projects suitable for your level as follow:

  • Short-Term Research Projects (2-4 month suitable for master-by-course or final year degree students)I occasionally have good short-term (2-4 month) projects in digital forensics. These projects are suitable for final year degree students or master-by-course (MSc) candidates looking for advancing their skills in digital investigation and would like to have some publications.  I am usually expecting at least one journal paper out of short-term projects.
  • Ph.D and Master-by-Research (M.Phil) Research Projects (1-2 Year): I am almost always having good practical mid-term and long-term research projects for hardworking candidates! I believe master and Ph.D projects should be first well-defined and then passed to the talented students to complete them! IF you are looking to extend your research skills and expertise in digital forensics or cyber-security you may consider contacting me with a short-C.V and brief statement of interest.  
  • Post-doctoral projects (1-2 year): EU and U.K research funds are offering good opportunities to conduct post-doctoral research. As a post-doc applicant you should have a strong research proposal/plan, a good resume with several refereed journal papers, and patience to go through usually long funding application process. If you are looking for a post-doc position in digital forensics or malware analysis you may contact me with your resume and we can work on developing a strong research proposal for EU and UK funding calls! 
  • Visiting Fellows & Sabbatical projects (3 month-1 year): If you are an experienced researcher in cyber-forensics or security and looking for an international research center to spend your sabbatical leave or fellowship period you may consider joining us! Please feel free to contact me to further discuss opportunities and requirements. 
  • Remote Research CollaborationThe pervasive network connections made it much easier to remotely collaborate on different research topics. I am always keen to establish remote research collaboration with serious researchers! Surveying security awareness and contextual cyber-security research (in the context of your country/location) on previously established topics are usually good starting points for remote collaboration. If you are interested in remote research please feel free to contact me with a brief statement of your background and what you are looking for to initiate our collaboration.


Please refer to my Google Citation Profile , Scopus Citation Profile, DBLP,  Springer, IEEE! Please contact me if you need my full-updated list of publications!  

Past and Current Research Students 

I had/have the great opportunity to work with some beautiful minds!

  • Kaveh Shaerpour, Cloud Forensics - University Putra Malaysia (UPM)
  • Farhood Norouzizadeh Dezfoli, Mobile Forensics - University Putra Malaysia (UPM)
  • Farid Daryabar, Mobile Forensics - University Putra Malaysia (UPM)
  • Mohsen Damshenas, Malware Forensics- graduated 2014, University Putra Malaysia (UPM)
  • Dinara berdykhanova, Trusted Platform Modules (TPM) applications in banking systems, graduated 2010, Asia-Pacific University (APU)
  • Fathima Sabena, biometrics applications in identity management, graduated 2010, Asia-Pacific University (APU)
  • Muthilib Sidheeq, Botnet-based attacks in E-banking, graduated 2010, Asia-Pacific University (APU)
  • Darkhan Mukhatov, access control models in E-banking, graduated 2009, Asia-Pacific University (APU)
Please feel free to contact me for further information or to make an appointment.