Petra Leimich

Edinburgh Napier University · School of Computing

19 Publications · 8,690 Reads
86 Citations

Publications (19)
Article
Full-text available
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives are now so large that it can take several hours just to read this data from the disk, and can contribu...
Preprint
Full-text available
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind...
Article
Full-text available
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind...
Conference Paper
Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited by bandwidth constraints when accessing this kind of data using traditional tools. This paper explores the potential for sub-file hashing strategies to decrease the time taken...
Conference Paper
Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast and effective digital forensics triage, and to reduce the time taken to conduct an investigation. T...
Article
Full-text available
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing individual digests with a database of known contraband. However, the large capacities of modern storage m...
Conference Paper
Full-text available
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media,...
Article
This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during the acquisition process is achieved through the use of RAM forensics. This affords initial cluster r...
Conference Paper
Full-text available
Data leakage is a serious issue and can result in the loss of sensitive data, compromising user accounts and details, potentially affecting millions of internet users. This paper contributes to research in online security and reducing personal footprint by evaluating the levels of privacy provided by the Firefox browser. The aim of identifying cond...
Conference Paper
Full-text available
Nowadays there is almost no crime committed without a trace of digital evidence, and since the advanced functionality of mobile devices today can be exploited to assist in crime, the need for mobile forensics is imperative. Many of the mobile applications available today, including internet browsers, will request the user's permission to access the...
Conference Paper
Full-text available
SQL injection is a common attack method used to leverage information out of a database or to compromise a company's network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases...
Conference Paper
Full-text available
A technique and supporting tool for the recovery of browsing activity (both currently stored and deleted) from current and recent versions of the Firefox web-browser is presented. The approach is based upon applying file-carving techniques (matching regular expressions against raw disk images) to the problem of recovering recognizable fragments of...
Conference Paper
This discussion paper introduces three very different methods and contexts for the use of peer assessment in introductory database classes, each of which is supported by different learning software tools. In the first case study, at Glasgow Caledonian University, Contributing Student Pedagogy is used, where students contribute to the learning of ot...
Conference Paper
Full-text available
This paper discusses the experience of taking part in a disciplinary commons devoted to the teaching of database systems. It will discuss the structure of a disciplinary commons and our experience of the database version.
Conference Paper
Full-text available
Passive learning is generally believed to be ineffectual in that it leads to a generally impoverished student experience manifested by poor attendance, engagement and motivation alike. A shift towards a more pro-active learning experience was therefore the main motivator for the proposed method outlined in this paper. The method adopted was applied...
Article
Full-text available
A new approach to the space-time modelling of infectious diseases is considered. A modulated heterogeneous Poisson process with intensity defined as a function of a two-dimensional susceptibility field is proposed. The model is fitted to a measles epidemic using a proportional hazards approximation.

Projects (2)
Project
Invite contributions to the special track BDCF: Big Data and Cloud Forensics [1] at Cyber 18 (3rd Int Conf on Cyber-Technologies and Cyber-Systems) [2] in Athens, 18-22 November 2018. Papers will be indexed by Thomson Reuters in WoS (Web of Science) and published in the conference proceedings; extended versions of selected papers published in IARIA journals. Please inform me asap of your intention to submit. Submission deadline 5 October 2018 (this is somewhat flexible by agreement); notification 20 October 2018.

Traditionally, much of Digital Forensics has been focused on standalone or smaller networked systems. However, the increasing use of cloud-based architectures and big data systems is challenging established Digital Forensics methods. As criminals make use of cloud storage, forensic investigators need methods to acquire and analyse artefacts from the cloud. Exploring solutions for the technical and legal challenges posed is the first objective of this track.

Secondly, as corporations continue to adopt Big Data technologies and store increasingly valuable data in distributed systems and the cloud, this is becoming an expanding target for criminals. The question therefore is not if, but when, the first major Big Data security breach will happen. In such an event, the large data volumes, non-traditional architecture and remote cloud storage, often using distributed file systems and/or NoSQL, pose serious challenges for Incident Response. With established approaches infeasible in such situations, the development of methods for the forensic analysis of compromised cloud and distributed systems is therefore paramount, and the second objective of this track.

Finally, cloud and distributed systems could potentially offer new approaches and solutions to the forensic data volume problem. In addition to offering vast data storage for forensic images, related technologies such as machine learning, Big Data Analytics, and distributed processing could be leveraged to help with forensic data analysis. Examples of emerging concepts in this regard include DFaaS (Digital Forensics as a Service). Advancing such techniques is the third objective of this special track.

Topics include, but are not limited to:
• Cloud Storage Forensics
• Empirical studies and taxonomies relating to how Cloud systems are used by criminals
• Tackling legal challenges related to Cloud Storage Forensics
• Investigation of local device and network artefacts that could aid in Cloud investigations
• Forensic analysis of distributed file systems (e.g. Hadoop), including internal network traffic
• Forensic analysis of NoSQL and memory-resident databases
• Incident response, triage and data reduction methods for Cloud and Big Data security breaches
• Data Mining, Machine Learning and Statistical Modelling for Digital Forensics
• Using Big Data Analytics in Digital Forensics
• DFaaS (Digital-Forensics-as-a-Service)
• Development of forensic tools that leverage machine learning methods and data analytics
• Development of forensic tools for distributed systems

[1] http://www.iaria.org/conferences2018/filesCYBER18/BDCF.pdf
[2] http://www.iaria.org/conferences2018/CYBER18.html