Digital Forensics Research Wins Principal’s Research Excellence Award for Information Society

16/06/2016

News image

Introduction

The team of Prof Bill Buchanan, Phil Penrose, Bruce Ramsay, Dr Owen Lo and Richard Macfarlane, working in The Cyber Academy, shared the prize for the best Contribution to Information Society research theme at the Edinburgh Napier University Principal’s Research Excellence Awards. The award was shared with Prof Hazel Hall for her research: Mapping the workforce: library, archives, records, information, and knowledge management professions in the UK

The software (Fragment Finder) from the spin-out (Cyan Forensics) scans computers for illegal content 100x faster than competitors, doing in minutes what usually takes days. This radically reduces delays and costs in police investigations, helping take dangerous criminals off the streets. They are targeting sectors worth >£200m/year in the rapidly growing Digital Forensics market, estimated at $5bn in 2021. The work has been extensively supported by Ian Stevenson, who will become the CEO of the spin-out company, and supported by Bruce Ramsay as the CTO.

Outline

The digital fragment work aims to provide fast triage for digital forensics, and uses a novel method of scanning a computer disk for contraband for the analysis and detection of digital fragments. Existing investigation methods use a digital fingerprint for complete files, which cannot detect small fragments of a file. This work is disruptive in that it can classify and detect small fragments of a file, and match them quickly to their original content.

Fragment Finder has progressed through the classification of compressed and encrypted fragments [1], into its application within the detection of contraband within disk systems [2]. Overall the work was one of the first research teams to identify the difference between compressed files and encrypted files, and which measured the entropy of a fragment. The technique has been since extended to provide fast methods of scanning large-scale disk storage systems and identify known contraband, and more than one patent is underway.

It has involved a team of Prof Bill Buchanan, Phil Penrose, Bruce Ramsay, Dr Owen Lo and Richard Macfarlane and progressed to the funding of a Scottish Enterprise Proof of Concept. It is being used in a range of real-life investigations and has been shown to detect criminal activity faster than any other existing tool.

There has been fairly extensive engagement with Police Officers and Home Land defence agencies, especially focused on how the novel method could be applied into real-life criminal investigations. The spin-out company has been featured in the Converge Challenge and EIE (Engage, Invest, Exploit), and was one of the companies selected to provide a showcase pitch (http://www.eie-invest.com/company/cyan-forensics/)

References

[1]     Penrose, P., Macfarlane, R., Buchanan, W. (2013). Approaches to the Classification Of High Entropy File Fragments. Digital Investigator, 10(4), 372–384. [Paper]

[2]     Penrose, P., Buchanan, W., Macfarlane, R. (2015). Fast contraband detection in large capacity disk drives. Digital Investigator, (March 2015), S22–S29. [Paper]



 
[Read More]

Associated people

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Richard Macfarlane
Lecturer
r.macfarlane@napier.ac.uk
+44 131 455 2335
Bruce Ramsay
Senior Research Fellow
B.Ramsay@napier.ac.uk
+44 131 455 2746
Owen Lo
Research Fellow
o.lo@napier.ac.uk
+44 131 455
Philip Penrose
Research student
P.Penrose@napier.ac.uk
+44 131 455
Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Resources