Prof Bill Buchanan OBE FRSE

In recent years the capacity of digital storage devices has been increasing at a rate that has left digital forensic services struggling to cope. There is an acknowledgement that current forensic tools have failed to keep up. The workload is such that a form of ‘administrative triage’ takes place in many labs where perceived low priority jobs are delayed or dropped without reference to the data itself. In this paper we investigate the feasibility of first responders performing a fast initial… Show more

In recent years the capacity of digital storage devices has been increasing at a rate that has left digital forensic services struggling to cope. There is an acknowledgement that current forensic tools have failed to keep up. The workload is such that a form of ‘administrative triage’ takes place in many labs where perceived low priority jobs are delayed or dropped without reference to the data itself. In this paper we investigate the feasibility of first responders performing a fast initial scan of a device by sampling on the device itself. A Bloom filter is used to store the block hashes of large collections of contraband data. We show that by sampling disk clusters, we can achieve 99.9% accuracy scanning for contraband data in minutes. Even under the constraints imposed by low specification legacy equipment, it is possible to scan a device for contraband with a known and controllable margin of error in a reasonable time. We conclude that in this type of case it is feasible to boot the device into a forensically sound environment and do a pre-imaging scan to prioritise the device for further detailed investigation. Show less

In this paper we propose novel approaches to the problem of classifying high entropy file fragments. Although classification of file fragments is central to the science of Digital Forensics, high entropy types have been regarded as a problem. Roussev and Garfinkel (2009) argue that existing methods will not work on high entropy fragments because they have no discernible patterns to exploit. We propose two methods that do not rely on such patterns. The NIST statistical test suite is used to… Show more

In this paper we propose novel approaches to the problem of classifying high entropy file fragments. Although classification of file fragments is central to the science of Digital Forensics, high entropy types have been regarded as a problem. Roussev and Garfinkel (2009) argue that existing methods will not work on high entropy fragments because they have no discernible patterns to exploit. We propose two methods that do not rely on such patterns. The NIST statistical test suite is used to detect randomness in 4 KiB fragments. These test results were analysed using an Artificial Neural Network (ANN). Optimum results were 91% and 82% correct classification rates for encrypted and compressed fragments respectively. We also use the compressibility of a fragment as a measure of its randomness. Correct classification was 76% and 70% for encrypted and compressed fragments respectively.We show that newer more efficient compression formats are more difficult to classify.We have used subsets of the publicly available ‘GovDocs1 Million File Corpus’ so that any future research may make valid comparisons with the results obtained here. Show less

Case Study: Moving Towards an e-health Platform to Store NHS Patient Information in the Cloud

The NHS pilot scheme to store patient information in the Cloud
How can the health sector can gain greater value from its infrastructure by moving services into the cloud
Harnessing maximum benefits out of cloud computing
What will make cloud services compelling for every NHS organisation?
Increasing operational efficiency and reducing costs in the health sector
Providing NHS… Show more

Case Study: Moving Towards an e-health Platform to Store NHS Patient Information in the Cloud

The NHS pilot scheme to store patient information in the Cloud
How can the health sector can gain greater value from its infrastructure by moving services into the cloud
Harnessing maximum benefits out of cloud computing
What will make cloud services compelling for every NHS organisation?
Increasing operational efficiency and reducing costs in the health sector
Providing NHS patients with complete control over their medical records and the power to decide who can access their data
Overcoming the security and confidentiality problems Show less

Case Study: Moving Towards an e-health Platform to Store NHS Patient Information in the Cloud

The NHS pilot scheme to store patient information in the Cloud
How can the health sector can gain greater value from its infrastructure by moving services into the cloud
Harnessing maximum benefits out of cloud computing
What will make cloud services compelling for every NHS organisation?
Increasing operational efficiency and reducing costs in the health sector
Providing NHS… Show more

Case Study: Moving Towards an e-health Platform to Store NHS Patient Information in the Cloud

The NHS pilot scheme to store patient information in the Cloud
How can the health sector can gain greater value from its infrastructure by moving services into the cloud
Harnessing maximum benefits out of cloud computing
What will make cloud services compelling for every NHS organisation?
Increasing operational efficiency and reducing costs in the health sector
Providing NHS patients with complete control over their medical records and the power to decide who can access their data
Overcoming the security and confidentiality problems Show less

Two of the major changes within computing, at the present time, are the move towards service-oriented architectures and the increasing usage of mobile devices to access these services. Along with this, as these devices are often moving, extra context information can be provided to a service, if the user is known, along with their actual location and their current trajectory. This includes useful applications such as providing the nearest bus stop to a user, and thus to show the buses which are… Show more

Two of the major changes within computing, at the present time, are the move towards service-oriented architectures and the increasing usage of mobile devices to access these services. Along with this, as these devices are often moving, extra context information can be provided to a service, if the user is known, along with their actual location and their current trajectory. This includes useful applications such as providing the nearest bus stop to a user, and thus to show the buses which are due to arrive next. While this type of information is useful to the user for services that are trusted, there can be many issues related to the gathering of location information for non-trusted applications, such as for location-based marketing, or for user behaviour profiling. With simple security controls being applied to the access of the location information from mobile devices, it is important that users understand how their location information is being used. This paper reviews some of the current methods which are being proposed in order to reduce the impact of location tracking on user privacy. Show less

Most organisations relay on digital information systems (ISs) in day-to-day operations, and often sensitive data about employees and customers are stored in such systems. This, effectively, makes ISs enhanced surveillance measures, which can reach further than CCTV monitoring and provide valuable resources for internal and external investigations. For privacy reasons, if a digital forensic investigation is to take place, only the investigators should know the identities of the suspects… Show more

Most organisations relay on digital information systems (ISs) in day-to-day operations, and often sensitive data about employees and customers are stored in such systems. This, effectively, makes ISs enhanced surveillance measures, which can reach further than CCTV monitoring and provide valuable resources for internal and external investigations. For privacy reasons, if a digital forensic investigation is to take place, only the investigators should know the identities of the suspects. Ideally, the investigators should not have to disclose these identities to the data holders, while the data holders, i.e. organisations whose data subjects are being investigated, should not have to disclose their full databases to investigators. The only data that should be disclosed should relate to that involving the subject – thus the need for a privacy-preserving investigation system. Several privacy preserving algorithms have been proposed, but most of them are only of theoretical interest since empirical evaluations have rarely been undertaken. The main novelty in this paper is that it applies a 1-out-n Oblivious Transfer (1-n OT) algorithm to a new area of privacy-preserving investigations. Hence, an implementation of a straightforward privacy-preserving investigation system that can be used in real-life applications is outlined. The system uses tried and tested encryption algorithms: RSA for hiding the identity of the suspect; AES to conceal from investigators records not relating to the suspect; and commutative RSA to allow discovery of index where a suspect’s data is stored in the third party records. This paper outlines an initial evaluation of the system proving that it may be successfully used in digital forensic investigations, conducted by public authorities and private organisations alike. Show less

High performance group communication, such as broadcast, requires matching efficient broadcast algorithms to effective route discovery approach. Broadcast communication in MANETs is essential for a wide range of important applications. Nevertheless, existing broadcast schemes in MANETs suffer in terms of several issues such as rebroadcast redundancy and collisions. Consequently, this degrades the communication quality especially when dealing with high bandwidth applications. Thus, this paper… Show more

High performance group communication, such as broadcast, requires matching efficient broadcast algorithms to effective route discovery approach. Broadcast communication in MANETs is essential for a wide range of important applications. Nevertheless, existing broadcast schemes in MANETs suffer in terms of several issues such as rebroadcast redundancy and collisions. Consequently, this degrades the communication quality especially when dealing with high bandwidth applications. Thus, this paper adopts a new strategy that presents a new distributed route discovery (DRD) scheme to handle the broadcast operation efficiently by reducing the number of the broadcast redundancy request (RREQ) packets and the number of collision and contentions. We examined the performance of the proposed scheme DRD in MANETs; in terms of RREQ rebroadcast number and RREQ collision number. Our experiments confirm the superiority of the proposed scheme over its counterparts in different communication constraints.
Show less