Dr Sean McKeown

Sean McKeown

Lecturer

Biography	Sean McKeown (FHEA) is an early career academic at Edinburgh Napier University, a post which he began at the end of his PhD work. He obtained a BSc in Computer Science from the university of Glasgow in 2007, followed by an MA (Hons) in Philosophy (2011) and MSc in Digital Forensics and E-Discovery (2013) form the same institution. He subsequently joined the Information Retrieval group at the University of Glasgow as a researcher for two years and worked closely with a local investigation company on Web based, person-centric, Open-Source Intelligence (OSINT) investigations. This early work produced both research papers and prototype applications to enhance the efficacy of OSINT investigators in the real world, reducing the time taken for investigators them to find relevant information. This work was aimed at quickly finding information on subjects relating to various types of fraud, which costs the UK economy approximately 200 billion pounds each year. As such, even a small reduction in the time taken to pursue such investigations may have a large economic impact. After joining Edinburgh Napier, Sean’s research switched focus to facilitating faster Digital Forensics processing for contraband media investigations. This area is of great importance as police departments across the country are underfunded and faced with huge investigative backlogs, deferring sentences for the guilty, and placing innocent parties under great social and mental strain. The research from Sean’s PhD addressed this issue through a form of file level data reduction, meaning that less data needs to be read and processed from a typical computer. The techniques have been shown to be particularly effective on solid state media, reducing contraband detection times by up to two orders of magnitude in some cases. Substantial improvements were also recorded for hard disks, however, as more devices make use of non-magnetic media, the proposed techniques will only increase in value. This research gained the attention of a local digital forensics technology company following an exhibition at SICSA DemoFest in 2017, resulting in talks about how such an approach may be incorporated in commercial products. An additional strand of this work focuses on incredibly rapid initial forensics triage by making use of existing thumbnails found on the device, which can detect contraband on a terabyte disk in a matter of seconds. This level of rapid triage allows law enforcement personnel to quickly assess a property for contraband during the execution of a search warrant. This allows for a selective seizure of devices, saving an enormous number of person and processing hours, while cutting down on evidence storage costs. More recent research focuses on the analysis of the High Efficiency Image File Format (HEIF) which is used by modern Apple devices. The format does not have wide software support, neither for consumers nor investigators, which poses a particular problem as the HEIF container format allows for complex data structures, which can be difficult to analyse. Sean is module leader of Computer Systems and is also involved in the delivery of several cyber security and forensics modules, as well as overseeing a number of student projects. He is also the student demonstrator coordinator for the School of Computing.
Research Interests	Digital Forensics (triage, thumbnails, partial files) Digital Investigations Cyber security

Biography

Sean McKeown (FHEA) is an early career academic at Edinburgh Napier University, a post which he began at the end of his PhD work. He obtained a BSc in Computer Science from the university of Glasgow in 2007, followed by an MA (Hons) in Philosophy (2011) and MSc in Digital Forensics and E-Discovery (2013) form the same institution. He subsequently joined the Information Retrieval group at the University of Glasgow as a researcher for two years and worked closely with a local investigation company on Web based, person-centric, Open-Source Intelligence (OSINT) investigations. This early work produced both research papers and prototype applications to enhance the efficacy of OSINT investigators in the real world, reducing the time taken for investigators them to find relevant information. This work was aimed at quickly finding information on subjects relating to various types of fraud, which costs the UK economy approximately 200 billion pounds each year. As such, even a small reduction in the time taken to pursue such investigations may have a large economic impact.

After joining Edinburgh Napier, Sean’s research switched focus to facilitating faster Digital Forensics processing for contraband media investigations. This area is of great importance as police departments across the country are underfunded and faced with huge investigative backlogs, deferring sentences for the guilty, and placing innocent parties under great social and mental strain.

The research from Sean’s PhD addressed this issue through a form of file level data reduction, meaning that less data needs to be read and processed from a typical computer. The techniques have been shown to be particularly effective on solid state media, reducing contraband detection times by up to two orders of magnitude in some cases. Substantial improvements were also recorded for hard disks, however, as more devices make use of non-magnetic media, the proposed techniques will only increase in value. This research gained the attention of a local digital forensics technology company following an exhibition at SICSA DemoFest in 2017, resulting in talks about how such an approach may be incorporated in commercial products. An additional strand of this work focuses on incredibly rapid initial forensics triage by making use of existing thumbnails found on the device, which can detect contraband on a terabyte disk in a matter of seconds. This level of rapid triage allows law enforcement personnel to quickly assess a property for contraband during the execution of a search warrant. This allows for a selective seizure of devices, saving an enormous number of person and processing hours, while cutting down on evidence storage costs.

More recent research focuses on the analysis of the High Efficiency Image File Format (HEIF) which is used by modern Apple devices. The format does not have wide software support, neither for consumers nor investigators, which poses a particular problem as the HEIF container format allows for complex data structures, which can be difficult to analyse.

Sean is module leader of Computer Systems and is also involved in the delivery of several cyber security and forensics modules, as well as overseeing a number of student projects. He is also the student demonstrator coordinator for the School of Computing.

Research Interests

Digital Forensics (triage, thumbnails, partial files)
Digital Investigations
Cyber security

Dr Sean McKeown

SheetJS Community Edition

PDF.js

Font Awesome