Áine MacDermott | Liverpool John Moores University

Papers by Áine MacDermott

A Methodology to Develop Dynamic Cost-Centric Risk Impact Metrics

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This paper proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem's parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. The interactions between vulnerabilities are considered and a dynamic impact metric is developed, which can be seen as a baseline between the static metric and the interaction between the exposures.

Evaluating Interdependencies and Cascading Failures Using Distributed Attack Graph Generation Methods for Critical Infrastructure Defence

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

Attack graphs facilitate modelling, detection and analysis of networks, along with providing the functionality to identify potential vulnerabilities and risks within networked systems. When attack graphs are applied to large heterogeneous collaborative infrastructures i.e. Systems-of-Systems (such as critical infrastructures), existing schemas struggle to detect and evaluate interdependencies and cascading failures. The failings of these existing schemas include but are not limited to, the inability to accurately ascertain the relationships and interdependencies between risks, to adequately identify and visualise the consequences of identified risks, and the inability to reduce attack graph size and generation complexity. Having simulated a city based on real-world scenarios and critical infrastructures, we can visualise the effects of cascading failure. Data extracted from the simulation will be used to evaluate our schema, and will assist in the analysis of the potential consequences of component and system failures. We discuss the benefits of a distributed schema which utilises attack graph generation methods, which provides a means for collaborative interdependent systems to be fully analysed, along with assisting in the identification of interdependencies and cascading failures which will be visualised and reported.

The Development of Fraud Detection Systems for Detection of Potentially Fraudulent Applications

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

The size of fraudulent activity is increasing rapidly, with individuals and organisations being at great risk. This paper inspects and determines the various components required to deliver a successful fraud detection system. It is hoped that in reading this report, the reader will comprehend what is required and see the true benefit of implementing such a solution. Following the structure of a robust methodology, all required development stages will be addressed, ensuring the new system is built to its highest standard. With this in mind, this paper presents the various components required to deliver a successful fraud detection system. It structures what is required and see the true benefit of implementing such a solution. Following the structure of a robust methodology, all required development stages will be addressed, ensuring the new system is built to its highest standard. Through the careful design and successful implementation of an effective system, it is hoped that deployment of the new fraud detection system will highlight its capabilities in detecting fraud across user application within the financial business sector.

Detecting Intrusions in the Cloud Environment

Due to the scalability of resources and performance, as well as improved maintainability, it is apparent that cloud computing will eventually reach IT services that are operating critical infrastructures. Since IT infrastructures have become an integral part of almost all organisations, cloud computing will have a significant impact on them. The scale and dynamic nature of cloud computing cause challenges for their management, including investigating malicious activity and/or policy failure. Sufficient security measures need to ensure the confidentiality, integrity and availability of the data in the cloud. Hosting infrastructure services, and storing sensitive data in the cloud environment brings with it security and resilience requirements that existing cloud services are not well placed to address. Protecting sensitive critical infrastructure data in the cloud computing environment, through the development of innovative techniques for detecting intrusions is the current focus of ...

Protecting Critical Infrastructure Services in the Cloud Environment

Due to the scalability of resources and performance, as well as improved maintainability it is apparent that cloud computing will eventually reach IT services that are operating critical infrastructures. Since IT infrastructures have become an integral part of almost all organisations, cloud computing will have a significant impact on them. Protecting sensitive critical infrastructure data in the cloud environment is the explicit focus of our work. The scale and dynamic nature of cloud computing cause challenges for their management, including investigating malicious activity and/or policy failure. Sufficient security metrics need to ensure the confidentiality, integrity, and availability of the data on the cloud. Hosting critical infrastructure services in the cloud brings with it security and resilience requirements that existing cloud services are not well placed to address. Gaining a deeper understanding of the infrastructure security needs is of utmost importance as there is c...

Improving communication between health-care professionals and patients with limited English proficiency in the general practice setting

Australian Journal of Primary Health, 2015

Quality service provision and patient safety and satisfaction in encounters with health-care professionals relies on effective communication between the practitioner and patient. This study aimed to identify effective practices for improving communication between clinical staff in general practice and patients with limited English proficiency, and to promote their implementation in general practice. Effective interventions and strategies were identified from a review of international research. Experiences with their use in practice were explored via focus group discussions with general practitioners and practice nurses. The results suggest that, wherever possible, communication in the patient’s primary language is preferable; use of a qualified medical interpreter should be promoted, and practices should have a standardised and documented procedure for accessing interpreter services. General practice staff must increase their awareness about services that are available to facilitate...

Using deep learning to detect social media ‘trolls’

Forensic Science International: Digital Investigation

A GPU-based machine learning approach for detection of botnet attacks

Forensic analysis of ephemeral messaging applications: Disappearing messages or evidential data?

Forensic Science International: Digital Investigation

Digital Forensic Acquisition and Analysis of Discord Applications

2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), 2020

Trust-Based Data Controller for Personal Information Management

2018 International Conference on Innovations in Information Technology (IIT), 2018

In today's data-driven digital economy, user-related information works as oil to fuel the state of art applications and services. Consumers, who use these services, provide personal information to service providers, intentionally or unintentionally and often without considering their trustworthiness. However, this personal information often reveals one's identity and may lead users to face unexpected outcomes, ranging from uninvited advertisements to identity theft. To regulate such issues, the new General Data Protection Regulation (GDPR) act was introduced by the European Union in May 2018. As defined by the act, the data controller plays an important role in determining the purposes, conditions and the means of processing data without compromising the user identities for malicious intentions. Therefore, in this paper, we propose a trust-based data controller in which an intermediate authority named trust manager recommends preferable actions towards the data controller on preserving the privacy of the users in accordance with the GDPR act.

Privacy Preserving Issues in the Dynamic Internet of Things (IoT)

2020 International Symposium on Networks, Computers and Communications (ISNCC), 2020

Convergence of critical infrastructure and data, including government and enterprise, to the dynamic Internet of Things (IoT) environment and future digital ecosystems exhibit significant challenges for privacy and identity in these interconnected domains. There are an increasing variety of devices and technologies being introduced, rendering existing security tools inadequate to deal with the dynamic scale and varying actors. The IoT is increasingly data driven with user sovereignty being essential – and actors in varying scenarios including user/customer, device, manufacturer, third party processor, etc. Therefore, flexible frameworks and diverse security requirements for such sensitive environments are needed to secure identities and authenticate IoT devices and their data, protecting privacy and integrity. In this paper we present a review of the principles, techniques and algorithms that can be adapted from other distributed computing paradigms. Said review will be used in application to the development of a collaborative decision-making framework for heterogeneous entities in a distributed domain, whilst simultaneously highlighting privacy preserving issues in the IoT. In addition, we present our trust-based privacy preserving schema using Dempster-Shafer theory of evidence. While still in its infancy, this application could help maintain a level of privacy and nonrepudiation in collaborative environments such as the IoT.

Distributed Attack Prevention Using Dempster-Shafer Theory of Evidence

Intelligent Computing Methodologies, 2017

Drone Forensics: A Case Study on DJI Phantom 4

Unmanned Aerial Vehicles (UAVs) (a.k.a. drones) have grown in popularity mainly due to their ease of use, wide variety of uses, availability and inexpensive nature of the devices. This rapid proliferation of UAVs has also augmented with several security issues and societal crimes pertaining to the illicit activities, making them rich sources of evidence. Therefore, it is crucial for digital forensics examiners to have the capability to recover, analyze, and authenticate the source of content stored on these devices. In this research, we perform a forensic investigation on an Unmanned Aircraft System, specifically the DJI Phantom 4 Vision, using several smartphone devices such as iPhone 6, iPhone 7 Plus, iPhone 10, Samsung Note 3, Samsung S7, Microsoft Lumia, CKTEL G5 Plus and G-Tide_s4 with different operating systems (iOS, Windows Phone and Android). In addition, we investigate and examine the logical backup acquisition of the iPhone 6, iPhone 7 Plus and iPhone 10 mobile devi...

Discord Server Forensics: Analysis and Extraction of Digital Evidence

In recent years we can observe that digital forensics is being applied to a variety of domains as nearly any data can become valuable forensic evidence. The sheer scope of web-based investigations provides a vast amount of information. Due to a rapid increase in the number of cybercrimes the importance of application-specific forensics is greater than ever. Criminals use the application not only to communicate but also to facilitate crimes. It came to our attention that the gaming chat application Discord is one of them. Discord allows its users to send text messages as well as exchange image, video, and audio files. While Discord’s community is not as large as that of the most popular messaging apps the stable growth of its userbase and recent incidents indicate that it is used by criminals. This paper presents our research into the digital forensic analysis of Discord client-side artefacts and presents experimental development of a tool for extraction, analysis, and presentation o...

Forensic Analysis of Fitbit Versa: Android vs iOS

2021 IEEE Security and Privacy Workshops (SPW), 2021

Fitbit Versa is the most popular of its predecessors and successors in the Fitbit faction. Increasingly data stored on these smart fitness devices, their linked applications and cloud datacenters are being used for criminal convictions. There is limited research for investigators on wearable devices and specifically exploring evidence identification and methods of extraction. In this paper we present our analysis of Fitbit Versa using Cellebrite UFED and MSAB XRY. We present a clear scope for investigation and data significance based on the findings from our experiments. The data recovery will include logical and physical extractions using devices running Android 9 and iOS 12, comparing between Cellebrite and XRY capabilities. This paper discusses databases and datatypes that can be recovered using different extraction and analysis techniques, providing a robust outlook of data availability. We also discuss the accuracy of recorded data compared to planned test instances, verifying the accuracy of individual data types. The verifiable accuracy of some datatypes could prove useful if such data was required during the evidentiary processes of a forensic investigation.

Forensic Analysis of Wearable Devices: Fitbit, Garmin and HETP Watches

2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2019

Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user's activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis.

IoT Forensics: Challenges for the IoA Era

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2018

Securing Things in the Healthcare Internet of Things

2019 Global IoT Summit (GIoTS), 2019

The Internet of Things (IoT) has had a positive impact on e-health, assisted living, human-centric sensing and wellness. Recently this interconnection has been referred to as Healthcare IoT (H-IoT). Real-time monitoring based on the information gathered from the connected ‘things’ provides large scale connectivity and a greater insight into patient care, individual habits and routines. While the benefits of introducing this paradigm into healthcare are conspicuous, the underlying security vulnerabilities and threats of the infrastructure and devices cannot go unaddressed. H-IoT is set to impact society significantly, and with attackers already exploiting the IoT in a myriad of ways, it is inevitable that the IoT will become the most vulnerable area of cyber security. Securing these ‘things’ in H-IoT requires a multi-faceted approach. A multi-agent approach to advanced persistent threat detection is conveyed with the use of machine learning for predictive analytics: identifying security vulnerabilities, identifying patterns in order to make predictions and identify outliers.

Drone Forensics

International Journal of Digital Crime and Forensics, 2021

Drones (a.k.a. unmanned aerial vehicles – UAV) have become a societal norm in our daily lives. The ability of drones to capture high-quality photos from an aerial view and store and transmit such data presents a multi-facet problem. These actions possess privacy challenges to innocent users who can be spied on or drone owner's data which may be intercepted by a hacker. With all technological paradigms, utilities can be misused, and this is an increasing occurrence with drones. As a result, it is imperative to develop a novel methodological approach for the digital forensic analysis of a seized drone. This paper investigates six brands of drones commonly used in criminal activities and extracts forensically relevant data such as location information, captured images and videos, drones' flight paths, and data related to the ownership of the confiscated drone. The experimental results indicate that drone forensics would facilitate law enforcement in collecting significant informat...

Research paper thumbnail of A Methodology to Develop Dynamic Cost-Centric Risk Impact Metrics

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

It is widely accepted that modern computer networks (often presented as a heterogeneous collectio... more It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This paper proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack, an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem's parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. The interactions between vulnerabilities are considered and dynamic impact metric is developed, which can be seen as a baseline between the static metric and the interaction between the exposures.

Research paper thumbnail of Evaluating Interdependencies and Cascading Failures Using Distributed Attack Graph Generation Methods for Critical Infrastructure Defence

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

Attack graphs facilitate modelling, detection and analysis of networks, along with providing the ... more Attack graphs facilitate modelling, detection and analysis of networks, along with providing the functionality to identify potential vulnerabilities and risks within networked systems. When attack graphs are applied to large heterogeneous collaborative infrastructures i.e. Systems-of-Systems (such as critical infrastructures), existing schemas struggle to detect and evaluate interdependencies and cascading failures. The failings of these existing schemas include but are not limited to, the inability to accurately ascertain the relationships and interdependencies between risks, to adequately identify and visualise the consequences of identified risks, and the inability to reduce attack graph size and generation complexity. Having simulated a city based on real-world scenarios and critical infrastructures, we can visualise the effects of cascading failure. Data extracted from the simulation will be used to evaluate our schema, and will assist in the analysis of the potential consequences of component and system failures. We discuss the benefits of a distributed schema which utilises attack graph generation methods, which provides a means for collaborative interdependent systems to be fully analysed, along with assisting in the identification of interdependencies and cascading failures which will be visualised and reported.

Research paper thumbnail of The Development of Fraud Detection Systems for Detection of Potentially Fraudulent Applications

2015 International Conference on Developments of E-Systems Engineering (DeSE), 2015

The size of fraudulent activity is increasing rapidly, with individuals and organisations being a... more The size of fraudulent activity is increasing rapidly, with individuals and organisations being at great risk. This paper inspects and determines the various components required to deliver a successful fraud detection system. It is hoped that in reading this report, the reader will comprehend what is required and see the true benefit of implementing such a solution. Following the structure of a robust methodology, all required development stages will be addressed, ensuring the new system is built to its highest standard. With this in mind, this paper presents the various components required to deliver a successful fraud detection system. It structures what is required and see the true benefit of implementing such a solution. Following the structure of a robust methodology, all required development stages will be addressed, ensuring the new system is built to its highest standard. Through the careful design and successful implementation of an effective system, it is hoped that deployment of the new fraud detection system will highlight its capabilities in detecting fraud across user application within the financial business sector.

Research paper thumbnail of Detecting Intrusions in the Cloud Environment

Due to the scalability of resources and performance, as well as improved maintainability, it is a... more Due to the scalability of resources and performance, as well as improved maintainability, it is apparent that cloud computing will eventually reach IT services that are operating critical infrastructures. Since IT infrastructures have become an integral part of almost all organisations, cloud computing will have a significant impact on them. The scale and dynamic nature of cloud computing cause challenges for their management, including investigating malicious activity and/or policy failure. Sufficient security measures need to ensure the confidentiality, integrity and availability of the data in the cloud. Hosting infrastructure services, and storing sensitive data in the cloud environment brings with it security and resilience requirements that existing cloud services are not well placed to address. Protecting sensitive critical infrastructure data in the cloud computing environment, through the development of innovative techniques for detecting intrusions is the current focus of ...

Research paper thumbnail of Protecting Critical Infrastructure Services in the Cloud Environment

Due to the scalability of resources and performance, as well as improved maintainability it is ap... more Due to the scalability of resources and performance, as well as improved maintainability it is apparent that cloud computing will eventually reach IT services that are operating critical infrastructures. Since IT infrastructures have become an integral part of almost all organisations, cloud computing will have a significant impact on them. Protecting sensitive critical infrastructure data in the cloud environment is the explicit focus of our work. The scale and dynamic nature of cloud computing cause challenges for their management, including investigating malicious activity and/or policy failure. Sufficient security metrics needs to ensure the confidentiality, integrity, and availability of the data on the cloud. Hosting critical infrastructure services in the cloud brings with it security and resilience requirements that existing cloud services are not well placed to address. Gaining a deeper understanding of the infrastructure security needs is of utmost importance as there is c...

Research paper thumbnail of Improving communication between health-care professionals and patients with limited English proficiency in the general practice setting

Australian Journal of Primary Health, 2015

Quality service provision and patient safety and satisfaction in encounters with health-care prof... more Quality service provision and patient safety and satisfaction in encounters with health-care professionals relies on effective communication between the practitioner and patient. This study aimed to identify effective practices for improving communication between clinical staff in general practice and patients with limited English proficiency, and to promote their implementation in general practice. Effective interventions and strategies were identified from a review of international research. Experiences with their use in practice were explored via focus group discussions with general practitioners and practice nurses. The results suggest that, wherever possible, communication in the patient’s primary language is preferable; use of a qualified medical interpreter should be promoted, and practices should have a standardised and documented procedure for accessing interpreter services. General practice staff must increase their awareness about services that are available to facilitate...

Research paper thumbnail of Using deep learning to detect social media ‘trolls’

Forensic Science International: Digital Investigation

Research paper thumbnail of A GPU-based machine learning approach for detection of botnet attacks

Research paper thumbnail of Forensic analysis of ephemeral messaging applications: Disappearing messages or evidential data?

Forensic Science International: Digital Investigation

Research paper thumbnail of Digital Forensic Acquisition and Analysis of Discord Applications

2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI), 2020

Research paper thumbnail of Trust-Based Data Controller for Personal Information Management

2018 International Conference on Innovations in Information Technology (IIT), 2018

In today's data-driven digital economy, user-related information works as oil to fuel the sta... more In today's data-driven digital economy, user-related information works as oil to fuel the state of art applications and services. Consumers, who use these services, provide personal information to service providers, intentionally or unintentionally and often without considering their trustworthiness. However, this personal information often reveals one's identity and may lead users to face unexpected outcomes, ranging from uninvited advertisements to identity theft. To regulate such issues, the new General Data Protection Regulation (GDPR) act was introduced by the European Union in May 2018. As defined by the act, the data controller plays an important role in determining the purposes, conditions and the means of processing data without compromising the user identities for malicious intentions. Therefore, in this paper, we propose a trust-based data controller in which an intermediate authority named trust manager recommends preferable actions towards the data controller on preserving the privacy of the users in accordance with the GDPR act.

Research paper thumbnail of Privacy Preserving Issues in the Dynamic Internet of Things (IoT)

2020 International Symposium on Networks, Computers and Communications (ISNCC), 2020

Convergence of critical infrastructure and data, including government and enterprise, to the dyna... more Convergence of critical infrastructure and data, including government and enterprise, to the dynamic Internet of Things (IoT) environment and future digital ecosystems exhibit significant challenges for privacy and identity in these interconnected domains. There are an increasing variety of devices and technologies being introduced, rendering existing security tools inadequate to deal with the dynamic scale and varying actors. The IoT is increasingly data driven with user sovereignty being essential – and actors in varying scenarios including user/customer, device, manufacturer, third party processor, etc. Therefore, flexible frameworks and diverse security requirements for such sensitive environments are needed to secure identities and authenticate IoT devices and their data, protecting privacy and integrity. In this paper we present a review of the principles, techniques and algorithms that can be adapted from other distributed computing paradigms. Said review will be used in application to the development of a collaborative decision-making framework for heterogeneous entities in a distributed domain, whilst simultaneously highlighting privacy preserving issues in the IoT. In addition, we present our trust-based privacy preserving schema using Dempster-Shafer theory of evidence. While still in its infancy, this application could help maintain a level of privacy and nonrepudiation in collaborative environments such as the IoT.

Distributed Attack Prevention Using Dempster-Shafer Theory of Evidence

Intelligent Computing Methodologies, 2017

Drone Forensics: A Case Study on DJI Phantom 4

Unmanned Aerial Vehicles (UAVs) (a.k.a. drones) have grown in popularity mainly due to their ease of use, wide variety of uses, availability and the inexpensive nature of the devices. This rapid proliferation of UAVs has also augmented with several security issues and societal crimes pertaining to the illicit activities, making them rich sources of evidence. Therefore, it is crucial for digital forensics examiners to have the capability to recover, analyze, and authenticate the source of content stored on these devices. In this research, we perform a forensic investigation on an Unmanned Aircraft System, specifically the DJI Phantom 4 Vision, using several smartphone devices such as iPhone 6, iPhone 7 Plus, iPhone 10, Samsung Note 3, Samsung S7, Microsoft Lumia, CKTEL G5 Plus and G-Tide_s4 with different operating systems (iOS, Windows Phone and Android). In addition, we investigate and examine the logical backup acquisition of the iPhone 6, iPhone 7 Plus and iPhone 10 mobile devi...

Discord Server Forensics: Analysis and Extraction of Digital Evidence

In recent years we can observe that digital forensics is being applied to a variety of domains as nearly any data can become valuable forensic evidence. The sheer scope of web-based investigations provides a vast amount of information. Due to a rapid increase in the number of cybercrimes the importance of application-specific forensics is greater than ever. Criminals use the application not only to communicate but also to facilitate crimes. It came to our attention that the gaming chat application Discord is one of them. Discord allows its users to send text messages as well as exchange image, video, and audio files. While Discord’s community is not as large as that of the most popular messaging apps the stable growth of its userbase and recent incidents indicate that it is used by criminals. This paper presents our research into the digital forensic analysis of Discord client-side artefacts and presents experimental development of a tool for extraction, analysis, and presentation o...

Forensic Analysis of Fitbit Versa: Android vs iOS

2021 IEEE Security and Privacy Workshops (SPW), 2021

Fitbit Versa is the most popular of its predecessors and successors in the Fitbit faction. Increasingly data stored on these smart fitness devices, their linked applications and cloud datacenters are being used for criminal convictions. There is limited research for investigators on wearable devices and specifically exploring evidence identification and methods of extraction. In this paper we present our analysis of Fitbit Versa using Cellebrite UFED and MSAB XRY. We present a clear scope for investigation and data significance based on the findings from our experiments. The data recovery will include logical and physical extractions using devices running Android 9 and iOS 12, comparing between Cellebrite and XRY capabilities. This paper discusses databases and datatypes that can be recovered using different extraction and analysis techniques, providing a robust outlook of data availability. We also discuss the accuracy of recorded data compared to planned test instances, verifying the accuracy of individual data types. The verifiable accuracy of some datatypes could prove useful if such data was required during the evidentiary processes of a forensic investigation.

Forensic Analysis of Wearable Devices: Fitbit, Garmin and HETP Watches

2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2019

Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user's activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis.

IoT Forensics: Challenges for the IoA Era

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2018

Securing Things in the Healthcare Internet of Things

2019 Global IoT Summit (GIoTS), 2019

The Internet of Things (IoT) has had a positive impact on e-health, assisted living, human-centric sensing and wellness. Recently this interconnection has been referred to as Healthcare IoT (H-IoT). Real-time monitoring based on the information gathered from the connected ‘things’ provides large scale connectivity and a greater insight into patient care, individual habits and routines. While the benefits of introducing this paradigm into healthcare are conspicuous, the underlying security vulnerabilities and threats of the infrastructure and devices cannot go unaddressed. H-IoT is set to impact society significantly, and with attackers already exploiting the IoT in a myriad of ways, it is inevitable that the IoT will become the most vulnerable area of cyber security. Securing these ‘things’ in H-IoT requires a multi-faceted approach. A multi-agent approach to advanced persistent threat detection is conveyed with the use of machine learning for predictive analytics: identifying security vulnerabilities, identifying patterns in order to make predictions and identify outliers.

Drone Forensics

International Journal of Digital Crime and Forensics, 2021

Drones (a.k.a. unmanned aerial vehicles – UAV) have become a societal norm in our daily lives. The ability of drones to capture high-quality photos from an aerial view and store and transmit such data presents a multi-faceted problem. These actions pose privacy challenges to innocent users who can be spied on or drone owner's data which may be intercepted by a hacker. With all technological paradigms, utilities can be misused, and this is an increasing occurrence with drones. As a result, it is imperative to develop a novel methodological approach for the digital forensic analysis of a seized drone. This paper investigates six brands of drones commonly used in criminal activities and extracts forensically relevant data such as location information, captured images and videos, drones' flight paths, and data related to the ownership of the confiscated drone. The experimental results indicate that drone forensics would facilitate law enforcement in collecting significant informat...