All Outputs (26)

Exploring Dataset Diversity for GenAI Image Tampering Localisation in Digital Forensics (2024)
Presentation / Conference Contribution
Thomson, M., McKeown, S., Macfarlane, R., & Leimich, P. (2025, April). Exploring Dataset Diversity for GenAI Image Tampering Localisation in Digital Forensics. Presented at The Digital Forensics Research Conference Europe (DFRWS EU 2025) Digital Forensics Doctoral Symposium (DFDS), Brno, Czech Republic

Generative Artificial Intelligence (GenAI) has significantly increased the sophistication and ease of image tampering techniques, posing challenges for digital forensics in identifying manipulated images. A lack of dataset standardisation hinders the... Read More about Exploring Dataset Diversity for GenAI Image Tampering Localisation in Digital Forensics.

Beyond Hamming Distance: Exploring Spatial Encoding in Perceptual Hashes (2024)
Presentation / Conference Contribution
McKeown, S. (2025, April). Beyond Hamming Distance: Exploring Spatial Encoding in Perceptual Hashes. Presented at DFRWS EU 2025, Brno, Czech Republic

Forensic analysts are often tasked with analysing large volumes of data in modern investigations, and frequently make use of hashing technologies to identify previously encountered images. Perceptual hashes, which seek to model the semantic (visual)... Read More about Beyond Hamming Distance: Exploring Spatial Encoding in Perceptual Hashes.

Exploring DTrace as an Incident Response Tool for Unix Systems (2024)
Presentation / Conference Contribution
Duin, J., Mckeown, S., & Abubakar, M. (2024, June). Exploring DTrace as an Incident Response Tool for Unix Systems. Presented at Cyber Science 2024, Edinburgh, Scotland

Critical National Infrastructure (CNI) is often the target of sophisticated and sustained cyber attacks perpetrated by advanced threat actors with considerable resources. These attacks can lead to interruptions in core services such as energy and wa... Read More about Exploring DTrace as an Incident Response Tool for Unix Systems.

PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework (2024)
Presentation / Conference Contribution
Mckeown, S., Aaby, P., & Steyven, A. PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework. Presented at DFRWS EU 2024, Zaragoza, Spain

The automated comparison of visual content is a contemporary solution to scale the detection of illegal media and extremist material, both for detection on individual devices and in the cloud. However, the problem is difficult, and perceptual similar... Read More about PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework.

An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case (2024)
Presentation / Conference Contribution
Onyeashie, B., Leimich, P., McKeown, S., & Russell, G. (2023, August). An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case. Presented at EAI BDTA 2023 - 13th EAI International Conference on Big Data Technologies and Applications, Edinburgh

This paper presents a decentralised framework for sharing and managing evidence that uses smart lockers, blockchain technology, and the InterPlanetary File System (IPFS). The system incorporates Hyperledger Fabric blockchain for immutability and tamp... Read More about An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case.

A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence (2024)
Presentation / Conference Contribution
Onyeashie, B. I., Leimich, P., McKeown, S., & Russell, G. (2023, August). A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence. Presented at EAI BDTA 2023 - 13th EAI International Conference on Big Data Technologies and Applications, Edinburgh, UK

The effective management of digital evidence is critical to modern forensic investigations. However, traditional evidence management approaches are often prone to security and integrity issues. In recent years, the use of blockchain technology has em... Read More about A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence.

OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks (2023)
Presentation / Conference Contribution
Uzonyi, D. G., Pitropakis, N., McKeown, S., & Politis, I. (2023, November). OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks. Presented at 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Edinburgh, UK

Security and authentication are ubiquitous problems that impact all modern networked systems. Password-based authentication systems are still prevalent, and information leaked via other channels may be used to attack networked systems. Researchers ha... Read More about OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks.

FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface (2023)
Journal Article
Perry, S., Levick, D., & Mckeown, S. (in press). FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface. Journal of Digital Forensics, Security and Law,

Wearable and fitness tracking devices are commonplace, with global shipments forecast to continue rising in the future. These devices store a wealth of personal data that is useful to the forensic examiner. However, due to device fragmentation, acqui... Read More about FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface.

Hamming Distributions of Popular Perceptual Hashing Techniques (2023)
Journal Article
McKeown, S., & Buchanan, W. J. (2023). Hamming Distributions of Popular Perceptual Hashing Techniques. Forensic Science International: Digital Investigation, 44(Supplement), Article 301509. https://doi.org/10.1016/j.fsidi.2023.301509

Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechan... Read More about Hamming Distributions of Popular Perceptual Hashing Techniques.

Practical Cyber Threat Intelligence in the UK Energy Sector (2023)
Presentation / Conference Contribution
Paice, A., & McKeown, S. (2022, June). Practical Cyber Threat Intelligence in the UK Energy Sector. Presented at International Conference on Cybersecurity, Situational Awareness and Social Media (Cyber Science 2022), Cardiff Metropolitan University, Wales

The UK energy sector is a prime target for cyber-attacks by foreign states, criminals, ‘hacktivist’ groups, and terrorists. As Critical National Infrastructure (CNI), the industry needs to understand the threats it faces to mitigate risks and make ef... Read More about Practical Cyber Threat Intelligence in the UK Energy Sector.

A forensic analysis of streaming platforms on Android OS (2022)
Journal Article
Murias, J. G., Levick, D., & McKeown, S. (2023). A forensic analysis of streaming platforms on Android OS. Forensic Science International: Digital Investigation, 44, Article 301485. https://doi.org/10.1016/j.fsidi.2022.301485

This work builds on existing research in streamed video reconstruction on the Android OS, which previously demonstrated that caching occurs in most cases for the Chrome and Firefox Web browsers. Prior work also outlined that streaming application cac... Read More about A forensic analysis of streaming platforms on Android OS.

A Comparative Analysis of Honeypots on Different Cloud Platforms (2021)
Journal Article
Kelly, C., Pitropakis, N., Mylonas, A., McKeown, S., & Buchanan, W. J. (2021). A Comparative Analysis of Honeypots on Different Cloud Platforms. Sensors, 21(7), Article 2433. https://doi.org/10.3390/s21072433

In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to special... Read More about A Comparative Analysis of Honeypots on Different Cloud Platforms.

Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach (2020)
Presentation / Conference Contribution
Christou, O., Pitropakis, N., Papadopoulos, P., Mckeown, S., & Buchanan, W. J. (2020, February). Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach. Presented at ICISSP 2020, Valletta, Malta

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be awa... Read More about Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach.

Microtargeting or Microphishing? Phishing Unveiled (2020)
Presentation / Conference Contribution
Khursheed, B., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020, September). Microtargeting or Microphishing? Phishing Unveiled. Presented at The 17th International Conference on Trust, Privacy and Security in Digital Business - TrustBus2020, Bratislava, Slovakia

Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, w... Read More about Microtargeting or Microphishing? Phishing Unveiled.

Forensic Considerations for the High Efficiency Image File Format (HEIF) (2020)
Presentation / Conference Contribution
Mckeown, S., & Russell, G. (2020, June). Forensic Considerations for the High Efficiency Image File Format (HEIF). Presented at International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2020), Dublin, Ireland

The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to re... Read More about Forensic Considerations for the High Efficiency Image File Format (HEIF).

Using Amazon Alexa APIs as a Source of Digital Evidence (2020)
Presentation / Conference Contribution
Krueger, C., & Mckeown, S. (2020, June). Using Amazon Alexa APIs as a Source of Digital Evidence. Presented at International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2020), Dublin, Ireland

With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their smart home ecosystem purely using voice commands. However, this also means th... Read More about Using Amazon Alexa APIs as a Source of Digital Evidence.

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment (2020)
Presentation / Conference Contribution
Chacon, J., Mckeown, S., & Macfarlane, R. (2020, June). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland

Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature-and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deploye... Read More about Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment.

Testing And Hardening IoT Devices Against the Mirai Botnet (2020)
Presentation / Conference Contribution
Kelly, C., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020, June). Testing And Hardening IoT Devices Against the Mirai Botnet. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland

A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufactures, and are vulnerable to existing malware lurking on the Internet. Amo... Read More about Testing And Hardening IoT Devices Against the Mirai Botnet.

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar... Read More about Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems.

Utilising Reduced File Representations to Facilitate Fast Contraband Detection (2019)
Thesis
McKeown, S. Utilising Reduced File Representations to Facilitate Fast Contraband Detection. (Thesis). Edinburgh Napier University. http://researchrepository.napier.ac.uk/Output/2386199

Digital forensics practitioners can be tasked with analysing digital data, in all its forms, for legal proceedings. In law enforcement, this largely involves searching for contraband media, such as illegal images and videos, on a wide array of electr... Read More about Utilising Reduced File Representations to Facilitate Fast Contraband Detection.