Petra Leimich

Petra Leimich

Dr Petra Leimich

Lecturer

Biography

Dr Petra Leimich (PhD, MSc, PgDip, Dipl-Math, SFHEA, CEH) is a Lecturer in Cybersecurity and Networks with a strong focus on Digital Forensics. She is the programme leader for the Graduate Apprenticeships (GA) BEng Hons Cybersecurity and the BSc (Hons) Computing run in Myanmar, which focuses on Cybersecurity, a core member of the Centre for Distributed Computing, Networking and Cybersecurity, and an active member of The Cyber Academy in the School of Computing (SoC) at Edinburgh Napier University. Petra is a Certified Ethical Hacker (CEH) and an active researcher. As Senior Fellow of the HEA and Senior Teaching Fellow, she is active in the ENU Teaching Fellows community. Petra holds PhD and MSc degrees from the University of Dundee.
Petra's early research was in the areas of Mathematical Biology and Epidemiology and Computing Education. She has been research active in Cybersecurity, particularly Digital Forensics and Incident Response (IR), for around 10 years. Her growing reputation in the area of cloud forensics led to an invitation to speak at the ScotSecure Summit in February 2020. Her current research interests focus on the areas of Digital Forensic Triage, Big Data, Cloud and Distributed Systems Forensics and Incident Response (IR). Other interests include memory forensics, approximate matching, web browser forensics and information security. Recent research investigates forensic methodology suitable for in-cloud forensics and proposes new methods for investigating digital artefacts left on a Hadoop Distributed File System Cluster. Work in progress in this area focusses on forensics and IR for NoSQL and in-memory databases. A second strand of recent research is fast forensic triage through sub-file features of image files, where images (jpeg, png etc) are compared to a database of known contraband without processing the whole file. In allowing a rapid assessment of evidence, this work contributes to reducing the overheads involved in all levels of digital forensic investigations. Applied to cloud storage forensics, such as Dropbox, this technique offers potential solutions where network bandwidth would otherwise be a limiting factor. Finally, recent work includes a forensic audit of the Tor Browser Bundle. This has developed a method to show not only that Tor has been used, but also which pages were visited, and will be of great interest to forensic investigations involving obfuscation, use of the dark web etc. Petra's research is informed by her background in Mathematics and Statistics, drawing on subjects such as game theory, sampling theory and experimental design. Petra has supervised one PhD in Digital Forensics to successful completion and is currently supervising two PhD students. One is working on robot IR and forensics, the other in IR for cloud and distributed systems. Petra has also supervised around 100 Honours and MSc projects to successful completion. Petra and her students (Honours, MSc and PhD) have produced significant joint research publications.
Petra has a passion for teaching, particularly Digital Forensics and for contextualising Python scripting for Cybersecurity and Forensics. She has a strong integration of her research work into her teaching and dissertation supervision, and continuously strives to enhance the student experience, for example by integrating guest lectures from Police Scotland and other Digital Forensics Practitioners in her teaching. She also developed a mock crime scene investigation practical in collaboration with experts from Police Scotland. Current work in teaching and learning focuses on enhancing student support and gamification of Scripting for Cybersecurity, by developing formative programming skills quizzes with CodeRunner, that run students' code and feedback automatically to the students.
Petra is an EC-Council certified Hacker (CEH) and Senior Fellow of the HEA (SFHEA). She has held five external examinerships; currently with Leeds Beckett University for the MSc Computer Security and MSc Computer Forensics & Security. She is a regular referee for numerous journals and programme committee member for conferences, including IEEE Transactions on Information Forensics & Security, Forensic Science International: Digital Investigation; Journal of Digital Forensics, Security and Law; Journal of Cyber Security Technology; IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA). Her first invited talk related to CyBOK was on Database Security and held at South-West University of Science and Technology, China in 2009. Most recently, Petra was the Invited speaker on Cloud Forensics: Opportunities and Challenges at the ScotSecure Summit (2020) in Edinburgh and co-awarded a SICSA Cyber Nexus Distinguished visiting fellow grant for a visitor from Morgan Stanley (US) (2019). She was also co-exhibitor with Sean McKeown at SICSA Demofest (2017) on "Copies and Contraband: Fast Forensic Identification of Duplicate Images".

News

Events

Esteem

Conference Organising Activity

  • Reviewer for Cyber Security: IEEE International Conference on Cyber Security and Protection of Digital Services
  • PC Member: Cyber SA 2017
  • Reviewer for ICDF2C 2017
  • PC Member for the International Conference on Cyber-Technologies and Cyber-Systems
  • Reviewer for ICDF2C: EAI Int Conference on Digital Forensics & Cyber Crime
  • Scientific Committee Member for SCME 2016
  • Conference Organiser: BNCOD 2010
  • TLAD Conference Chair and Editor of Proceedings

 

External Examining/Validations

  • External Examiner at Leeds Beckett University
  • External Examiner at University of the West of England
  • External Examiner at the University of Brighton
  • External Examiner at De Montfort University, Leicester
  • External Examiner at Glasgow Caledonian University

 

Fellowships and Awards

  • Certified Ethical Hacker (CEH)
  • Senior Fellow of the HEA

 

Invited Speaker

  • Cloud Forensics: Opportunities and Challenges. ScotSecure Summit
  • Database Security. South-West University of Science and Technology, Mianyang, China

 

Public/Community Engagement

  • SICSA Cyber Nexus Distinguished Visiting Fellow Grant
  • Copies and Contraband: Fast Forensic Identification of Duplicate Images (SICSA Demofest)
  • Cyber STEM Event for P7 Girls - The Cyber Academy, Edinburgh Napier University

 

Reviewing

  • Reviewer for Forensic Science International: Digital Investigation
  • Reviewer for JDFSL
  • Reviewer for IEEE Transactions on Information Forensics and Security
  • Reviewer for Journal of Cybersecurity Technology

 

Date


19 results

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems

Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020)
Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3),
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and check...

A Forensic Audit of the Tor Browser Bundle

Journal Article
Muir, M., Leimich, P., & Buchanan, W. J. (2019)
A Forensic Audit of the Tor Browser Bundle. Digital Investigation, 29, 118-128. https://doi.org/10.1016/j.diin.2019.03.009
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protoc...

Sub-file Hashing Strategies for Fast Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560680
Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for man...

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560671
Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited ...

Fingerprinting JPEGs With Optimised Huffman Tables

Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018)
Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), https://doi.org/10.15394/jdfsl.2018.1451
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algor...

Fast Filtering of Known PNG Files Using Early File Features

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2017)
Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algor...

A RAM triage methodology for Hadoop HDFS forensics

Journal Article
Leimich, P., Harrison, J., & Buchanan, W. J. (2016)
A RAM triage methodology for Hadoop HDFS forensics. Digital Investigation, 18, 96-109. https://doi.org/10.1016/j.diin.2016.07.003
This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situatio...

Editorial: TLAD 2015

Conference Proceeding
Leimich, P., & Bhogal, J. (2015)
Editorial: TLAD 2015. In Proceedings TLAD 2015. 13th International Workshop on the Teaching, Learning and Assessment of Databases
No abstract available.

From crime to court - an experience report of a digital forensics group project module.

Presentation / Conference
Leimich, P., Ferguson, I., & Coull, N. (2014, November)
From crime to court - an experience report of a digital forensics group project module. Paper presented at HEA Teaching Computer Forensics Workshop, Sunderland, UK
This paper discusses the large-scale group project undertaken by BSc Hons Digital Forensics students at Abertay University in their penultimate year. The philosophy of the pro...

An assessment of data leakage in Firefox under different conditions.

Presentation / Conference
Findlay, C., & Leimich, P. (2014, July)
An assessment of data leakage in Firefox under different conditions. Paper presented at CFET 2014: 7th International Conference on Cybercrime Forensics Education & Training, Christ Church,
Data leakage is a serious issue and can result in the loss of sensitive data, compromising user accounts and details, potentially affecting millions of internet users. This pa...

Current Post Grad projects

Previous Post Grad projects

Non-Napier PhD or MSc by Research supervisions

  • IntelliChair: Sitting Posture Monitoring in Ambient Intelligence