Research Repository

Outputs (22)

Exploring Dataset Diversity for GenAI Image Tampering Localisation in Digital Forensics (2024)
Presentation / Conference Contribution
Thomson, M., McKeown, S., Macfarlane, R., & Leimich, P. (2025, April). Exploring Dataset Diversity for GenAI Image Tampering Localisation in Digital Forensics. Presented at The Digital Forensics Research Conference Europe (DFRWS EU 2025) Digital Forensics Doctoral Symposium (DFDS), Brno, Czech Republic

Generative Artificial Intelligence (GenAI) has significantly increased the sophistication and ease of image tampering techniques, posing challenges for digital forensics in identifying manipulated images. A lack of dataset standardisation hinders the...

Beyond Hamming Distance: Exploring Spatial Encoding in Perceptual Hashes (2024)
Presentation / Conference Contribution
Mckeown, S. (2025, April). Beyond Hamming Distance: Exploring Spatial Encoding in Perceptual Hashes. Presented at DFRWS EU 2025, Brno, Czech Republic

Forensic analysts are often tasked with analysing large volumes of data in modern investigations, and frequently make use of hashing technologies to identify previously encountered images. Perceptual hashes, which seek to model the semantic (visual)...

Exploring DTrace as an Incident Response Tool for Unix Systems (2024)
Presentation / Conference Contribution
Duin, J., Mckeown, S., & Abubakar, M. (2024, June). Exploring DTrace as an Incident Response Tool for Unix Systems. Presented at Cyber Science 2024, Edinburgh, Scotland

Critical National Infrastructure (CNI) is often the target of sophisticated and sustained cyber attacks perpetrated by advanced threat actors with considerable resources. These attacks can lead to interruptions in core services such as energy and wa...

PHASER: Perceptual Hashing Algorithms Evaluation and Results - an Open Source Forensic Framework (2024)
Presentation / Conference Contribution
Mckeown, S., Aaby, P., & Steyven, A. PHASER: Perceptual Hashing Algorithms Evaluation and Results - an Open Source Forensic Framework. Presented at DFRWS EU 2024, Zaragoza, Spain

The automated comparison of visual content is a contemporary solution to scale the detection of illegal media and extremist material, both for detection on individual devices and in the cloud. However, the problem is difficult, and perceptual similar...

A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence (2024)
Presentation / Conference Contribution
Onyeashie, B. I., Leimich, P., McKeown, S., & Russell, G. (2023, August). A Bibliometric Analysis and Systematic Review of a Blockchain-Based Chain of Custody for Digital Evidence. Presented at EAI BDTA 2023 - 13th EAI International Conference on Big Data Technologies and Applications, Edinburgh, UK

The effective management of digital evidence is critical to modern forensic investigations. However, traditional evidence management approaches are often prone to security and integrity issues. In recent years, the use of blockchain technology has em...

An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case (2024)
Presentation / Conference Contribution
Onyeashie, B., Leimich, P., McKeown, S., & Russell, G. (2023, August). An Auditable Framework for Evidence Sharing and Management using Smart Lockers and Distributed Technologies: Law Enforcement Use Case. Presented at EAI BDTA 2023 - 13th EAI International Conference on Big Data Technologies and Applications, Edinburgh

This paper presents a decentralised framework for sharing and managing evidence that uses smart lockers, blockchain technology, and the InterPlanetary File System (IPFS). The system incorporates Hyperledger Fabric blockchain for immutability and tamp...

OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks (2023)
Presentation / Conference Contribution
Uzonyi, D. G., Pitropakis, N., McKeown, S., & Politis, I. (2023, November). OPSEC VS Leaked Credentials: Password reuse in Large-Scale Data Leaks. Presented at 2023 IEEE 28th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Edinburgh, UK

Security and authentication are ubiquitous problems that impact all modern networked systems. Password-based authentication systems are still prevalent, and information leaked via other channels may be used to attack networked systems. Researchers ha...

FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface (2023)
Journal Article
Perry, S., Levick, D., & Mckeown, S. (in press). FitForensics: A Tool to Acquire Data from FIT-Compatible Wearables via the USB Mass Storage Interface. Journal of Digital Forensics, Security and Law

Wearable and fitness tracking devices are commonplace, with global shipments forecast to continue rising in the future. These devices store a wealth of personal data that is useful to the forensic examiner. However, due to device fragmentation, acqui...

Hamming Distributions of Popular Perceptual Hashing Techniques (2023)
Journal Article
McKeown, S., & Buchanan, W. J. (2023). Hamming Distributions of Popular Perceptual Hashing Techniques. Forensic Science International: Digital Investigation, 44(Supplement), Article 301509. https://doi.org/10.1016/j.fsidi.2023.301509

Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechan...

A forensic analysis of streaming platforms on Android OS (2022)
Journal Article
Murias, J. G., Levick, D., & McKeown, S. (2023). A forensic analysis of streaming platforms on Android OS. Forensic Science International: Digital Investigation, 44, Article 301485. https://doi.org/10.1016/j.fsidi.2022.301485

This work builds on existing research in streamed video reconstruction on the Android OS, which previously demonstrated that caching occurs in most cases for the Chrome and Firefox Web browsers. Prior work also outlined that streaming application cac...

A Comparative Analysis of Honeypots on Different Cloud Platforms (2021)
Journal Article
Kelly, C., Pitropakis, N., Mylonas, A., McKeown, S., & Buchanan, W. J. (2021). A Comparative Analysis of Honeypots on Different Cloud Platforms. Sensors, 21(7), Article 2433. https://doi.org/10.3390/s21072433

In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to special...

Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach (2020)
Presentation / Conference Contribution
Christou, O., Pitropakis, N., Papadopoulos, P., Mckeown, S., & Buchanan, W. J. (2020, February). Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach. Presented at ICISSP 2020, Valletta, Malta

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be awa...

Using Amazon Alexa APIs as a Source of Digital Evidence (2020)
Presentation / Conference Contribution
Krueger, C., & Mckeown, S. (2020, June). Using Amazon Alexa APIs as a Source of Digital Evidence. Presented at International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2020), Dublin, Ireland

With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their smart home ecosystem purely using voice commands. However, this also means th...

Forensic Considerations for the High Efficiency Image File Format (HEIF) (2020)
Presentation / Conference Contribution
Mckeown, S., & Russell, G. (2020, June). Forensic Considerations for the High Efficiency Image File Format (HEIF). Presented at International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2020), Dublin, Ireland

The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to re...

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment (2020)
Presentation / Conference Contribution
Chacon, J., Mckeown, S., & Macfarlane, R. (2020, June). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland

Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature- and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deploye...

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar...

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, UK

Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited by bandwidth constraints when accessing this kind of data using traditi...

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Sub-file Hashing Strategies for Fast Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, Scotland

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast...

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv...

Fast Filtering of Known PNG Files Using Early File Features (2017)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2017, May). Fast Filtering of Known PNG Files Using Early File Features. Presented at Annual Conference on Digital Forensics, Security and Law, Daytona Beach, Florida

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual...