Skip to main content

Research Repository

Advanced Search

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar... Read More about Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems.

A Forensic Audit of the Tor Browser Bundle (2019)
Journal Article
Muir, M., Leimich, P., & Buchanan, W. J. (2019). A Forensic Audit of the Tor Browser Bundle. Digital Investigation, 29, 118-128. https://doi.org/10.1016/j.diin.2019.03.009

The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its lo... Read More about A Forensic Audit of the Tor Browser Bundle.

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Sub-file Hashing Strategies for Fast Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, Scotland

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast... Read More about Sub-file Hashing Strategies for Fast Contraband Detection.

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, UK

Cloud based storage is increasing in popularity, with
large volumes of data being stored remotely. Digital forensics
investigators examining such systems remotely are limited by
bandwidth constraints when accessing this kind of data using
traditi... Read More about Reducing the Impact of Network Bottlenecks on Remote Contraband Detection.

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv... Read More about Fingerprinting JPEGs With Optimised Huffman Tables.

Fast Filtering of Known PNG Files Using Early File Features (2017)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2017, May). Fast Filtering of Known PNG Files Using Early File Features. Presented at Annual Conference on Digital Forensics, Security and Law, Daytona Beach, Florida

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

A RAM triage methodology for Hadoop HDFS forensics (2016)
Journal Article
Leimich, P., Harrison, J., & Buchanan, W. J. (2016). A RAM triage methodology for Hadoop HDFS forensics. Digital Investigation, 18, 96-109. https://doi.org/10.1016/j.diin.2016.07.003

This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during... Read More about A RAM triage methodology for Hadoop HDFS forensics.

From crime to court - an experience report of a digital forensics group project module. (2014)
Presentation / Conference Contribution
Leimich, P., Ferguson, I., & Coull, N. (2014, November). From crime to court - an experience report of a digital forensics group project module. Paper presented at HEA Teaching Computer Forensics Workshop

This paper discusses the large-scale group project undertaken by BSc Hons Digital Forensics
students at Abertay University in their penultimate year. The philosophy of the project is to
expose students to the full digital crime "life cycle", from c... Read More about From crime to court - an experience report of a digital forensics group project module..

A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android. (2014)
Presentation / Conference Contribution
Comer, S., & Leimich, P. (2014, July). A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training

Nowadays there is almost no crime committed without a trace of digital evidence,
and since the advanced functionality of mobile devices today can be exploited to
assist in crime, the need for mobile forensics is imperative. Many of the mobile
appl... Read More about A Comparison of Geo-tagging in Mobile Internet Browsing Applications on iOS and Android..

An assessment of data leakage in Firefox under different conditions. (2014)
Presentation / Conference Contribution
Findlay, C., & Leimich, P. (2014, July). An assessment of data leakage in Firefox under different conditions. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training

Data leakage is a serious issue and can result in the loss of sensitive data,
compromising user accounts and details, potentially affecting millions of internet
users. This paper contributes to research in online security and reducing personal
foo... Read More about An assessment of data leakage in Firefox under different conditions..

An investigation into PL/SQL Injection. (2013)
Presentation / Conference Contribution
Paterson, R., & Leimich, P. (2013, June). An investigation into PL/SQL Injection. Presented at CyberForensics 2013: 3rd International Conference on Cybercrime, Security and Digital Forensics

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparin... Read More about An investigation into PL/SQL Injection..

On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space (2012)
Presentation / Conference Contribution
Bagley, R., Ferguson, R. I., & Leimich, P. (2012, September). On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space. Paper presented at CFET (Cyberforensics in Education and Training )

A technique and supporting tool for the recovery of browsing activity (both currently stored and deleted) from the Firefox web-browser is presented. The approach is based upon applying file-carving techniques (matching regular expressions against raw... Read More about On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space.