Outputs (22)

PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework (2024)
Journal Article
Mckeown, S., Aaby, P., & Steyven, A. (2024). PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework. Forensic Science International: Digital Investigation, 48(Supplement), Article 301680

The automated comparison of visual content is a contemporary solution to scale the detection of illegal media and extremist material, both for detection on individual devices and in the cloud. However, the problem is difficult, and perceptual similar... Read More about PHASER: Perceptual Hashing Algorithms Evaluation and Results -an Open Source Forensic Framework.

An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case (2024)
Conference Proceeding
Onyeashie, B., Leimich, P., McKeown, S., & Russell, G. (2024). An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case. In Big Data Technologies and Applications (156-167). https://doi.org/10.1007/978-3-031-52265-9_11

This paper presents a decentralised framework for sharing and managing evidence that uses smart lockers, blockchain technology, and the InterPlanetary File System (IPFS). The system incorporates Hyperledger Fabric blockchain for immutability and tamp... Read More about An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case.

A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence (2024)
Conference Proceeding
Onyeashie, B. I., Leimich, P., McKeown, S., & Russell, G. (2024). A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence. In Big Data Technologies and Applications. BDTA 2023. https://doi.org/10.1007/978-3-031-52265-9_8

The effective management of digital evidence is critical to modern forensic investigations. However, traditional evidence management approaches are often prone to security and integrity issues. In recent years, the use of blockchain technology has em... Read More about A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence.

FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface (2023)
Journal Article
Perry, S., Levick, D., & Mckeown, S. (in press). FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface. Journal of Digital Forensics, Security and Law,

Wearable and fitness tracking devices are commonplace, with global shipments forecast to continue rising in the future. These devices store a wealth of personal data that is useful to the forensic examiner. However, due to device fragmentation, acqui... Read More about FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface.

Hamming Distributions of Popular Perceptual Hashing Techniques (2023)
Journal Article
McKeown, S., & Buchanan, W. J. (2023). Hamming Distributions of Popular Perceptual Hashing Techniques. Forensic Science International: Digital Investigation, 44(Supplement), Article 301509. https://doi.org/10.1016/j.fsidi.2023.301509

Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechan... Read More about Hamming Distributions of Popular Perceptual Hashing Techniques.

Practical Cyber Threat Intelligence in the UK Energy Sector (2023)
Conference Proceeding
Paice, A., & McKeown, S. (2023). Practical Cyber Threat Intelligence in the UK Energy Sector. In Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media (3-23). https://doi.org/10.1007/978-981-19-6414-5_1

The UK energy sector is a prime target for cyber-attacks by foreign states, criminals, ‘hacktivist’ groups, and terrorists. As Critical National Infrastructure (CNI), the industry needs to understand the threats it faces to mitigate risks and make ef... Read More about Practical Cyber Threat Intelligence in the UK Energy Sector.

A forensic analysis of streaming platforms on Android OS (2022)
Journal Article
Murias, J. G., Levick, D., & McKeown, S. (2023). A forensic analysis of streaming platforms on Android OS. Forensic Science International: Digital Investigation, 44, Article 301485. https://doi.org/10.1016/j.fsidi.2022.301485

This work builds on existing research in streamed video reconstruction on the Android OS, which previously demonstrated that caching occurs in most cases for the Chrome and Firefox Web browsers. Prior work also outlined that streaming application cac... Read More about A forensic analysis of streaming platforms on Android OS.

A Comparative Analysis of Honeypots on Different Cloud Platforms (2021)
Journal Article
Kelly, C., Pitropakis, N., Mylonas, A., McKeown, S., & Buchanan, W. J. (2021). A Comparative Analysis of Honeypots on Different Cloud Platforms. Sensors, 21(7), Article 2433. https://doi.org/10.3390/s21072433

In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to special... Read More about A Comparative Analysis of Honeypots on Different Cloud Platforms.

Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach (2020)
Conference Proceeding
Christou, O., Pitropakis, N., Papadopoulos, P., Mckeown, S., & Buchanan, W. J. (2020). Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach. In Proceedings of the 6th International Conference on Information Systems Security and Privacy (289-298). https://doi.org/10.5220/0008902202890298

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be awa... Read More about Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach.

Microtargeting or Microphishing? Phishing Unveiled (2020)
Conference Proceeding
Khursheed, B., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020). Microtargeting or Microphishing? Phishing Unveiled. In Trust, Privacy and Security in Digital Business (89-105). https://doi.org/10.1007/978-3-030-58986-8_7

Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, w... Read More about Microtargeting or Microphishing? Phishing Unveiled.

Using Amazon Alexa APIs as a Source of Digital Evidence (2020)
Conference Proceeding
Krueger, C., & Mckeown, S. (2020). Using Amazon Alexa APIs as a Source of Digital Evidence. . https://doi.org/10.1109/CyberSecurity49315.2020.9138849

With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their smart home ecosystem purely using voice commands. However, this also means th... Read More about Using Amazon Alexa APIs as a Source of Digital Evidence.

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment (2020)
Conference Proceeding
Chacon, J., Mckeown, S., & Macfarlane, R. (2020). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. . https://doi.org/10.1109/CyberSecurity49315.2020.9138859

Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature-and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deploye... Read More about Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment.

Forensic Considerations for the High Efficiency Image File Format (HEIF) (2020)
Conference Proceeding
Mckeown, S., & Russell, G. (2020). Forensic Considerations for the High Efficiency Image File Format (HEIF). . https://doi.org/10.1109/CyberSecurity49315.2020.9138890

The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to re... Read More about Forensic Considerations for the High Efficiency Image File Format (HEIF).

Testing And Hardening IoT Devices Against the Mirai Botnet (2020)
Conference Proceeding
Kelly, C., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020). Testing And Hardening IoT Devices Against the Mirai Botnet. . https://doi.org/10.1109/CyberSecurity49315.2020.9138887

A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufactures, and are vulnerable to existing malware lurking on the Internet. Amo... Read More about Testing And Hardening IoT Devices Against the Mirai Botnet.

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar... Read More about Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems.

Utilising Reduced File Representations to Facilitate Fast Contraband Detection (2019)
Thesis
McKeown, S. Utilising Reduced File Representations to Facilitate Fast Contraband Detection. (Thesis). Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/Output/2386199

Digital forensics practitioners can be tasked with analysing digital data, in all its forms, for legal proceedings. In law enforcement, this largely involves searching for contraband media, such as illegal images and videos, on a wide array of electr... Read More about Utilising Reduced File Representations to Facilitate Fast Contraband Detection.

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560680

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast... Read More about Sub-file Hashing Strategies for Fast Contraband Detection.

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560671

Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited by bandwidth constraints when accessing this kind of data using traditi... Read More about Reducing the Impact of Network Bottlenecks on Remote Contraband Detection.

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv... Read More about Fingerprinting JPEGs With Optimised Huffman Tables.

Fast Filtering of Known PNG Files Using Early File Features (2017)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2017). Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

InfoScout: An interactive, entity centric, person search tool. (2016)
Conference Proceeding
McKeown, S., Buivys, M., & Azzopardi, L. (2016). InfoScout: An interactive, entity centric, person search tool. In SIGIR '16 Proceedings of the 39th International ACM SIGIR conference on Research and Development in Information Retrieval (1113-1116). https://doi.org/10.1145/2911451.2911468

Individuals living in highly networked societies publish a large amount of personal, and potentially sensitive, information online. Web investigators can exploit such information for a variety of purposes, such as in background vetting and fraud dete... Read More about InfoScout: An interactive, entity centric, person search tool..

Investigating people: a qualitative analysis of the search behaviours of open-source intelligence analysts (2014)
Conference Proceeding
McKeown, S., Maxwell, D., Azzopardi, L., & Glisson, W. B. (2014). Investigating people: a qualitative analysis of the search behaviours of open-source intelligence analysts. In IIiX '14: Proceedings of the 5th Information Interaction in Context Symposium (175-184). https://doi.org/10.1145/2637002.2637023

The Internet and the World Wide Web have become integral parts of the lives of many modern individuals, enabling almost instantaneous communication, sharing and broadcasting of thoughts, feelings and opinions. Much of this information is publicly fac... Read More about Investigating people: a qualitative analysis of the search behaviours of open-source intelligence analysts.