Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar... Read More about Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems.

A Forensic Audit of the Tor Browser Bundle (2019)
Journal Article
Muir, M., Leimich, P., & Buchanan, W. J. (2019). A Forensic Audit of the Tor Browser Bundle. Digital Investigation, 29, 118-128. https://doi.org/10.1016/j.diin.2019.03.009

The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its lo... Read More about A Forensic Audit of the Tor Browser Bundle.

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560671

Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited by bandwidth constraints when accessing this kind of data using traditi... Read More about Reducing the Impact of Network Bottlenecks on Remote Contraband Detection.

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560680

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast... Read More about Sub-file Hashing Strategies for Fast Contraband Detection.

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv... Read More about Fingerprinting JPEGs With Optimised Huffman Tables.

Fast Filtering of Known PNG Files Using Early File Features (2017)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2017). Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

A RAM triage methodology for Hadoop HDFS forensics (2016)
Journal Article
Leimich, P., Harrison, J., & Buchanan, W. J. (2016). A RAM triage methodology for Hadoop HDFS forensics. Digital Investigation, 18, 96-109. https://doi.org/10.1016/j.diin.2016.07.003

This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during... Read More about A RAM triage methodology for Hadoop HDFS forensics.

From crime to court - an experience report of a digital forensics group project module. (2014)
Presentation / Conference
Leimich, P., Ferguson, I., & Coull, N. (2014, November). From crime to court - an experience report of a digital forensics group project module. Paper presented at HEA Teaching Computer Forensics Workshop

This paper discusses the large-scale group project undertaken by BSc Hons Digital Forensics students at Abertay University in their penultimate year. The philosophy of the project is to expose students to the full digital crime "life cycle", from c... Read More about From crime to court - an experience report of a digital forensics group project module..

An assessment of data leakage in Firefox under different conditions. (2014)
Presentation / Conference
Findlay, C., & Leimich, P. (2014, July). An assessment of data leakage in Firefox under different conditions. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training

Data leakage is a serious issue and can result in the loss of sensitive data, compromising user accounts and details, potentially affecting millions of internet users. This paper contributes to research in online security and reducing personal foo... Read More about An assessment of data leakage in Firefox under different conditions..

A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android. (2014)
Presentation / Conference
Comer, S., & Leimich, P. (2014, July). A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training

Nowadays there is almost no crime committed without a trace of digital evidence, and since the advanced functionality of mobile devices today can be exploited to assist in crime, the need for mobile forensics is imperative. Many of the mobile appl... Read More about A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android..

An investigation into PL/SQL Injection. (2013)
Conference Proceeding
Paterson, R., & Leimich, P. (2013). An investigation into PL/SQL Injection.

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparin... Read More about An investigation into PL/SQL Injection..

On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space (2012)
Presentation / Conference
Bagley, R., Ferguson, R. I., & Leimich, P. (2012, September). On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space. Paper presented at CFET (Cyberforensics in Education and Training )

A technique and supporting tool for the recovery of browsing activity (both currently stored and deleted) from the Firefox web-browser is presented. The approach is based upon applying file-carving techniques (matching regular expressions against raw... Read More about On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space.