8 results

A Forensic Audit of the Tor Browser Bundle

Journal Article
Muir, M., Leimich, P., & Buchanan, W. J. (2019)
A Forensic Audit of the Tor Browser Bundle. Digital Investigation, 29, 118-128. https://doi.org/10.1016/j.diin.2019.03.009
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protoc...

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560671
Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited ...

Sub-file Hashing Strategies for Fast Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560680
Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for man...

Fingerprinting JPEGs With Optimised Huffman Tables

Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018)
Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), https://doi.org/10.15394/jdfsl.2018.1451
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algor...

Fast Filtering of Known PNG Files Using Early File Features

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2017)
Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algor...

A RAM triage methodology for Hadoop HDFS forensics

Journal Article
Leimich, P., Harrison, J., & Buchanan, W. J. (2016)
A RAM triage methodology for Hadoop HDFS forensics. Digital Investigation, 18, 96-109. https://doi.org/10.1016/j.diin.2016.07.003
This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situatio...

From crime to court - an experience report of a digital forensics group project module.

Presentation / Conference
Leimich, P., Ferguson, I., & Coull, N. (2014, November)
From crime to court - an experience report of a digital forensics group project module. Paper presented at HEA Teaching Computer Forensics Workshop, Sunderland, UK
This paper discusses the large-scale group project undertaken by BSc Hons Digital Forensics students at Abertay University in their penultimate year. The philosophy of the pro...

On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space

Presentation / Conference
Bagley, R., Ferguson, R. I., & Leimich, P. (2012, September)
On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space. Paper presented at CFET (Cyberforensics in Education and Training
A technique and supporting tool for the recovery of browsing activity (both currently stored and deleted) from the Firefox web-browser is presented. The approach is based upon...