Nathan L. Clarke
University of Plymouth | UoP · Centre for Cyber Security, Communications and Network Research (CSCAN)
Doctor of Philosophy
Publications: 251 · Reads: 122,217 · Citations: 4,152
Publications (251)
User authentication is often regarded as the “gatekeeper” of cyber security. It has, however, long suffered from significant usability issues that have resulted in research focussing upon frictionless and transparent biometric approaches. Activity-based user authentication—a technique that authenticates a user by what they are physically doing at a...
While AI's accuracy is impressive, it often operates opaquely, leaving users puzzled by its decisions. Explainable AI (XAI) seeks to demystify these processes, yet it encounters usability hurdles, often favouring developers over end-users. This paper introduces EXPERT-DUO, a flexible framework for Explainable Object Classification. While demonstrat...
Data scientists, researchers and engineers want to understand whether machine learning models for object detection work accurately and precisely. Networks like Yolo use bounding boxes as a result to localize the object in the image. The principal aim of this paper is to address the problem of a lack of an effective metric for evaluating the results of...
The chapter draws upon a series of research studies as a means of exploring the opportunities that exist to address the challenges that exist across computer, mobile, and network-based investigations. The examples help to illustrate where wider computer science research can be leveraged to benefit digital forensic tools and capabilities.
The essence of any forensic examination is to look for data, artifacts. While it is impossible to describe all possible artifacts that may be of interest in any given investigation, this chapter aims to describe how to find some artifacts that are very common to look for. The chapter first describes how to find information such as install date and...
Turning away from law enforcement, computer forensics is a common part of modern-day incident response. Incident response is essentially the practice of handling computer-related incidents such as intrusions, denial of service attacks, or malware. Since most modern organizations rely on information technology for daily work routines, having the abi...
The world is becoming more and more digitalized and so is the way that crimes are committed. It goes without saying that criminals act using digital means and digital environments play a big role in modern crime investigations. While this means that much information of evidentiary value can be found using various digital sources, the way in which t...
Computer memory (RAM) is a great source of forensic artifacts as it contains information that the computer worked on since the last reboot. Also, information must take its true unencrypted form in memory, in order to be meaningful for the user. From a forensic perspective, a memory dump can contain vital information such as passwords, decrypted ver...
Two major challenges in modern-day forensics are urgency and volume of data. Needless to say, modern computers can carry large amounts of data, and sorting through all that data is a very difficult task. Most examinations are also urgent in the sense that you are expected to deliver results quickly. Consider a case where a multimillion company is a...
This chapter provides the reader with an introduction to memory analysis, used for malware detection, using the open-source tool Volatility. Using Volatility rather than treating a memory dump as a big blob of data allows the examiner to complete a more structured analysis. This chapter demonstrates how to use Volatility to find several key artifac...
Digital forensics is all about examining digital evidence, and that implies that you need to collect the evidence before it can be examined. Every action that you carry out on a computer will leave traces, and that contradicts with the facts that evidence must be handled in a way that ensures that it is not altered. This chapter discusses the key p...
As has been discussed throughout this book, the computer memory is a good source of information that should not be overlooked during a forensic examination. However, the traditional tools used for forensic examination are not built to handle memory dumps very well. As has been discovered in the previous chapter, the memory structure is vastly diffe...
The common and best practice for conducting a forensic examination is to create a bit-by-bit copy of the storage device that you are set to examine and then analyze the copy. Working in this manner ensures that the actual storage device is not contaminated and can even provide performance benefits. This chapter begins with a description of how to c...
In some cases, a forensic examination is just about finding a picture, text, or e-mail. However, it is very common that the forensic expert is tasked with answering more complex questions such as determining who the user of a computer is or if a computer was remote controlled. While providing a definite answer to such a question is often almost imp...
This chapter provides the reader with an introduction to memory analysis in law enforcement, using the open-source tool Volatility 2.6. Using Volatility rather than treating a memory dump as a big blob of data allows the examiner to complete a more structured analysis. This chapter demonstrates how to use Volatility to find several key artifacts...
Perhaps the most important skill for someone working with computer forensics is to know how computers work. In order to locate digital traces of an e-mail, the examiner must know what such traces may look like. While this book is intended for someone who is fairly skilled in the computer world, there is theory that is extra important for a forensic...
Digital forensic research is vital to the continued successful adoption of electronic evidence by the legal systems. Used extensively by law enforcement, digital forensics is also an integral component of an organization's incident response team and increasingly provides an efficient and effective means to investigate a wide range of non-cyber-relat...
This chapter provides the reader with an overview to several forensic tools that are available for free use. The first sections of the chapter provide a listing of special purpose tools that can be useful for interpreting certain artifacts in a neat manner; this includes prefetch data, shellbags, and more. The chapter continues with an overview of...
When working as a forensic examiner, it is not uncommon to encounter encrypted files, entire partitions, or even devices. When that is the case, the encrypted data must be decrypted in order for the forensic expert to be able to examine it. The intent of this chapter is to provide the reader with a practical overview of the steps commonly involved...
While skill, knowledge, and experience are the most important building blocks of a forensic examiner, having a competent tool is really helpful. This chapter provides an introduction to Autopsy which is one such tool. Autopsy is a multi-platform open-source tool which is heavily used by both law enforcement and companies when conducting forensic ex...
Computer forensic experts are commonly faced with the misconception that they work primarily on cybercrime. The reality is quite opposite, namely, that digital forensics is of importance in pretty much every possible type of crime, ranging from computer intrusions to theft. This chapter provides a discussion on what cybercrime is, but more importan...
This chapter describes the actual examination process and the general demands for a forensic examination. A basic rule is that the results presented in a forensic examination must be objective and true. Digital forensics is comparable to academic work in this manner. This chapter discusses key concepts used to ensure that the results of a forensic...
In modern computing in general, and in forensic examinations in particular, encrypted data is common. Traditionally, this has been because criminals tend to want to hide their traces, and encryption is a way to do that. In the modern world, encryption has become increasingly common due to the fact that, nowadays, encryption is often a default optio...
Forensic evidence is data with evidentiary value. Such data is typically referred to as forensic artifacts and those come in many different shapes and sizes. The value of an artifact will depend on where it is found and circumstances around the artifact. Consider, for instance, a photo portraying narcotics. If that is found as a temporary Internet...
While browsing around in locations known to hold artifacts is a common forensic practice, it is not always enough. An equally common practice is to actually search for what you want and let the computer do the heavy lifting. It is not uncommon for a case to hold information about interesting names, e-mail addresses, or other keywords that are relat...
This chapter introduces the concept of digital forensics and provides a discussion of what computer forensics is, examining data in order to reconstruct what happened in a digital environment. Further, the chapter discusses the steps involved in a forensic examination in a digital environment, from collecting evidence to reporting on the findings o...
The modern digital world is highly heterogeneous, encompassing a wide variety of communications, devices, and services. This interconnectedness generates, synchronises, stores, and presents digital information in multidimensional, complex formats, often fragmented across multiple sources. When linked to misuse, this digital information becomes vita...
Generative models and their possible applications are almost limitless. But there are still problems that such models have. On one hand, the models are difficult to train. Stability in training, mode collapse or non convergence, together with the huge parameter space make it extremely costly and difficult to train and optimize generative models. Th...
Organizations have been investing in analytics relying on internal and external data to gain a competitive advantage. However, the legal and regulatory acts imposed nationally and internationally have become a challenge, especially for highly regulated sectors such as health or finance/banking. Data handlers such as Facebook and Amazon have already...
Hyperparameter tuning is an important aspect in machine-learning especially for deep generative models. Tuning models to stabilize training and to get the best accuracy can be a time consuming and protracted process. Generative models have a large search space requiring resources and knowledge to find the best parameters. Therefore, in most cases t...
The importance of machine learning (ML) has been increasing dramatically for years. From assistance systems to production optimisation to healthcare support, almost every area of daily life and industry is coming into contact with machine learning. Besides all the benefits ML brings, the lack of transparency and difficulty in creating traceability...
..., Fatemeh Stodt, Christoph Reich, and Nathan Clarke. Abstract. The importance of machine learning (ML) has been increasing dramatically for years. From assistance systems to production optimisation to healthcare support, almost every area of daily life and i...
Digital forensics is now essential in addressing cybercrime and cyber-enabled crime but potentially it can have a role in almost every other type of crime. Given technology's continuous development and prevalence, the widespread adoption of technologies among society and the subsequent digital footprints that exist, the analysis of these technologi...
Image augmentation has become an important part of the data preprocessing pipeline, helping to acquire more samples by altering existing samples by cutting, shifting, etc. For some domains, augmenting existing images is not sufficient, due to missing samples in the domains (e.g., faulty work pieces or events that occur infrequently). In such a cas...
Enormous potential of artificial intelligence (AI) exists in numerous products and services, especially in healthcare and medical technology. Explainability is a central prerequisite for certification procedures around the world and the fulfilment of transparency obligations. Explainability tools increase the comprehensibility of object recognition...
Human physical motion activity identification has many potential applications in various fields, such as medical diagnosis, military sensing, sports analysis, and human-computer security interaction. With the recent advances in smartphones and wearable technologies, it has become common for such devices to have embedded motion sensors that are able...
The automation of new knowledge from the manipulation and analysis of existing knowledge is one of the primary objectives of any cognitive system. Most of the effort on Big Data research has been focused upon Volume and Velocity, while Variety, “the ugly duckling” of Big Data, is often neglected and difficult to solve. A principal challenge with va...
As the smartphone and the services it provides are becoming targets of cybercrime, it is critical to secure smartphones. However, it is important security controls are designed to provide continuous and user-friendly security. Amongst the most important of these is user authentication, where users have experienced a significant rise in the need to...
Digital investigators often get involved with cases, which seemingly point the responsibility to the person to which the computer belongs, but after a thorough examination malware is proven to be the cause, causing loss of precious time. Whilst Anti-Virus (AV) software can assist the investigator in identifying the presence of malware, with the inc...
This chapter examines the use of delay-tolerant networks (DTNs) in the context of deep-space data communications: an application area with extreme demands for delay tolerance. The discussion examines the networking requirements of space data communications, and the associated technology requirements to support a deep-space DTN solution. Specific at...
This book constitutes the proceedings of the 15th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, held virtually in July 2021.
The 18 papers presented in this volume were carefully reviewed and selected from 30 submissions. They are organized in the following topical sections: attitudes and...
Generative Adversarial Networks (GANs) are part of the deep generative model family and are able to generate synthetic samples based on the underlying distribution of real-world data. With expanding interest, new discoveries and recent advances are hard to follow. Recent advancements to stabilize training will help GANs to open up new domains...
Purpose
The purpose of this paper is to present an integrative framework for handling the security and usability conflicts during the system development lifecycle. The framework has been formulated while considering key concerns raised after conducting a series of interviews with practitioners from the industry. The framework is aimed at assisting...
Purpose
The human factor is a major consideration in securing systems. A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks and are increasingly being targeted as they...
Containers have to be secured in a multi-tenant environment. To secure the use of containerized environments, the effectiveness of a rule-based security monitoring approach has been investigated. The approach of this paper can be used to detect a wide range of potentially malicious behaviour of workloads in containerized environments. Additionally...
This book constitutes the proceedings of the 14th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, held in Mytilene, Lesbos, Greece, in July 2020.
The 27 full papers presented in this volume were carefully reviewed and selected from 43 submissions. They are organized in the following topical sections: pri...
At the present time, there has been a rapid increase in the variety and popularity of messaging systems such as social network messaging, text messages, email and Twitter, with users frequently exchanging messages across various platforms. Unfortunately, in amongst the legitimate messages, there is a host of illegitimate and inappropriate content -...
IP multimedia subsystem (IMS) is becoming the prevailing candidate for managing future mobile multimedia communications, including critical communications such as public safety, emergency professionals and corporate networks. IMS security and privacy have gained much attention in the last few years. The review of recent IMS security activities stres...
Purpose
The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison wit...
With the rapid growth of smartphones and tablets in our daily lives, securing the sensitive data stored upon them makes authentication of paramount importance. Current authentication approaches do not re-authenticate in order to re-validate the user’s identity after accessing a mobile phone. Accordingly, there is a security benefit if authenticatio...
Current cloud architectures do not comply with today's digital forensics procedures, largely due to the fundamental dynamic nature of the cloud. Data acquisition is the first and arguably the most important process within digital forensics, to ensure data integrity and admissibility. Currently investigators have no option but to rely on the Cloud Ser...
The growth in smartphone usage has led to increased user concerns regarding privacy and security. Smartphones contain sensitive information, such as personal data, images, and emails, and can be used to perform various types of activity, such as transferring money via mobile Internet banking, making calls and sending emails. As a consequence, conce...
Purpose
It is widely acknowledged that non-compliance of employees with information security policies is one of the major challenges facing organisations. This paper aims to propose a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and respondin...
User identification and behaviour profiling from generic network traffic is a critical step that allows the ISP or security administrator, to take into consideration the information and make an informed decision about policing, traffic management, and enforcing the policy of the organisation. Additionally, application usage trend is significant in...
With the capability of storing huge volumes of data over the Internet, cloud storage has become a popular and desirable service for individuals and enterprises. The security issues, nevertheless, have been the intense debate within the cloud community. Given weak passwords, malicious attacks have happened across a variety of well-known storage...
With the enormous increase in the use and volume of photographs and videos, multimedia-based digital evidence has come to play an increasingly fundamental role in criminal investigations. However, given the increase in the volume of multimedia data, it is becoming time-consuming and costly for investigators to analyse the images manually....
Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to inc...
The cloud-computing concept has emerged as a powerful mechanism for data storage by providing a suitable platform for data centers. Recent studies show that the energy consumption of cloud computing systems is a key issue. Therefore, we should reduce the energy consumption to satisfy performance requirements, minimize power consumption, and maximiz...
Prof. Steven Furnell FBCS and Prof. Nathan Clarke FBCS, from the University of Plymouth, examine the rise of biometrics in modern society, with particular focus upon the potential to ease the authentication burden on mobile devices.
Digital forensics faces several challenges in examining and analyzing data due to an increasing range of technologies at people's disposal. The investigators find themselves having to process and analyze many systems manually (e.g. PC, laptop, Smartphone) in a single case. Unfortunately, current tools such as FTK and Encase have a limited ability t...
Insider threats are a significant security issue. The last decade has witnessed countless instances of data loss and exposure in which data has become publicly available and easily accessible. Losing or disclosing sensitive data or confidential information may cause substantial financial and reputational damage to a company. Whilst more recent rese...
The Facial-Forensic Analysis Tool (F-FAT) provides a technique that aids forensic investigation in terms of automatic facial recognition. It is a holistic system that is developed to collect, examine, and analyse multimedia evidence (photos and videos).
Facial recognition has played an essential role in digital forensics due to the widespread use of digital technology such as CCTV, mobile phones, and digital cameras. Therefore, the growing volume of multimedia files (photos and videos), in particular, are a valuable source of evidence and the ability to identify culprits is invaluable. Despite si...
Smartwatches, which contain an accelerometer and gyroscope, have recently been used to implement gait/activity-based biometrics. However, many research questions have not been addressed in the prior work such as the training and test data was collected in the same day from a limited dataset, using unrealistic activities (e.g., punch) and/or the aut...
Digital forensics has become an increasingly important tool in the fight against cyber and computer-assisted crime. However, with an increasing range of technologies at people's disposal, investigators find themselves having to process and analyse many systems (e.g. PC, laptop, tablet, Smartphone) in a single case. Unfortunately, current tools oper...
Forensic facial recognition has become an essential requirement in criminal investigations due to the advent of electronic devices such as CCTV, digital cameras, mobile phones, and computers and the huge volume of content that exists. Forensic facial recognition goes beyond facial recognition in that it deals with facial images under unconstraint a...
Insider threat represents one of the greatest challenges in the cyber security world. Insider attackers have more privileged and legitimate access to the information and facilities, compared to the outsider attackers. In fact, insider attacker has more accessibilities and higher potential to bring huge damage to the organization. However, the behav...
Purpose
The end-user has frequently been identified as the weakest link; however, motivated by the fact that different users react differently to the same stimuli, identifying the reasons behind variations in security behavior and why certain users could be “at risk” more than others is a step toward protecting and defending users against security...
A wide range of information communication technologies (ICTs), including devices such as smart phones, tablets, desktops and smart TVs, are increasingly used at home. Home users arguably struggle with managing and handling different devices and operating systems, applying different security configurations and mitigating different security threats....