Sean McKeown

Sean McKeown

Dr Sean McKeown

Lecturer

Biography

Sean McKeown is an early career academic at Edinburgh Napier University, a post which he began at the end of his PhD work. He obtained a BSc in Computer Science from the university of Glasgow in 2007, followed by an MA (Hons) in Philosophy (2011) and MSc in Digital Forensics and E-Discovery (2013) form the same institution. He subsequently joined the Information Retrieval group at the University of Glasgow as a researcher for two years and worked closely with a local investigation company on Web based, person-centric, Open-Source Intelligence (OSINT) investigations. This early work produced both research papers and prototype applications to enhance the efficacy of OSINT investigators in the real world, reducing the time taken for investigators them to find relevant information. This work was aimed at quickly finding information on subjects relating to various types of fraud, which costs the UK economy approximately 200 billion pounds each year. As such, even a small reduction in the time taken to pursue such investigations may have a large economic impact.

After joining Edinburgh Napier, Sean’s research switched focus to facilitating faster Digital Forensics processing for contraband media investigations. This area is of great importance as police departments across the country are underfunded and faced with huge investigative backlogs, deferring sentences for the guilty, and placing innocent parties under great social and mental strain.

The research from Sean’s PhD addressed this issue through a form of file level data reduction, meaning that less data needs to be read and processed from a typical computer. The techniques have been shown to be particularly effective on solid state media, reducing contraband detection times by up to two orders of magnitude in some cases. Substantial improvements were also recorded for hard disks, however, as more devices make use of non-magnetic media, the proposed techniques will only increase in value. This research gained the attention of a local digital forensics technology company following an exhibition at SICSA DemoFest in 2017, resulting in talks about how such an approach may be incorporated in commercial products. An additional strand of this work focuses on incredibly rapid initial forensics triage by making use of existing thumbnails found on the device, which can detect contraband on a terabyte disk in a matter of seconds. This level of rapid triage allows law enforcement personnel to quickly assess a property for contraband during the execution of a search warrant. This allows for a selective seizure of devices, saving an enormous number of person and processing hours, while cutting down on evidence storage costs.

More recent research focuses on the analysis of the High Efficiency Image File Format (HEIF) which is used by modern Apple devices. The format does not have wide software support, neither for consumers nor investigators, which poses a particular problem as the HEIF container format allows for complex data structures, which can be difficult to analyse.

Sean is module leader of Computer Systems and is also involved in the delivery of several cyber security and forensics modules, as well as overseeing a number of student projects. He is also the student demonstrator coordinator for the School of Computing.


Esteem
• Reviewer for the Journal of Digital Forensics, Security and Law (JDFSL) (https://commons.erau.edu/jdfsl/)
• Reviewer for the Journal of Cyber Security Technology (https://www.tandfonline.com/toc/tsec20/current)
• Programme Committee - IEEE International Conference on Cyber Science comprising Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response (CYBER 2020)
• Technical programme committee member for IARIA Cyber 2019
(https://www.iaria.org/conferences2019/CYBER19.html)
• Invited speaker to University of Glasgow HATII SHAKE seminars (2014).
(https://blogs.arts.gla.ac.uk/hatii/hatii-shake-investigating-information-online-not-only-nsa/)
• Co-exhibitor with Petra Leimich at SICSA DemoFest (2017): "Copies and Contraband: Fast Forensic Identification of Duplicate Images".

• Funding: SICSA First Step Award (£5000 - 2013) + SICSA Postgraduate Industry Internship (£10,400 - 2014), Edinburgh Napier Researcher Development Fund (£850 - 2017), Napier Research Funding Competition (Approx. £7000, 2019-2020)

Events

Esteem

Fellowships and Awards

  • Edinburgh Napier Researcher Development Fund
  • Edinburgh Napier 50th Anniversary PhD Scholarship

 

Invited Speaker

  • University of Glasgow - HATII SHAKE Seminar

 

Membership of Professional Body

  • Associate Fellow of the Higher Education Academy

 

Reviewing

  • Programme Committee - IEEE International Conference on Cyber Science comprising Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response (CYBER 2020)
  • Journal of Digital Forensics, Security and Law
  • Technical Comittee Member - IARIA Cyber 2019

 

Date


13 results

Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach

Conference Proceeding
Christou, O., Pitropakis, N., Papadopoulos, P., Mckeown, S., & Buchanan, W. J. (2020)
Phishing URL Detection Through Top-Level Domain Analysis: A Descriptive Approach. https://doi.org/10.5220/0008902202890298
Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high ...

Forensic Considerations for the High Efficiency Image File Format (HEIF)

Conference Proceeding
Mckeown, S., & Russell, G. (2020)
Forensic Considerations for the High Efficiency Image File Format (HEIF). https://doi.org/10.1109/CyberSecurity49315.2020.9138890
The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the...

Using Amazon Alexa APIs as a Source of Digital Evidence

Conference Proceeding
Krueger, C., & Mckeown, S. (2020)
Using Amazon Alexa APIs as a Source of Digital Evidence. https://doi.org/10.1109/CyberSecurity49315.2020.9138849
With the release of Amazon Alexa and the first Amazon Echo device, the company revolutionised the smart home. It allowed their users to communicate with, and control, their sm...

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment

Conference Proceeding
Chacon, J., Mckeown, S., & Macfarlane, R. (2020)
Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. https://doi.org/10.1109/CyberSecurity49315.2020.9138859
Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature-and anomaly-based intrusion detection approaches. Deception...

Testing And Hardening IoT Devices Against the Mirai Botnet

Conference Proceeding
Kelly, C., Pitropakis, N., McKeown, S., & Lambrinoudakis, C. (2020)
Testing And Hardening IoT Devices Against the Mirai Botnet. https://doi.org/10.1109/CyberSecurity49315.2020.9138887
A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufa...

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems

Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020)
Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3),
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and check...

Utilising Reduced File Representations to Facilitate Fast Contraband Detection

Thesis
McKeown, S. Utilising Reduced File Representations to Facilitate Fast Contraband Detection. (Thesis)
Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/Output/2386199
Digital forensics practitioners can be tasked with analysing digital data, in all its forms, for legal proceedings. In law enforcement, this largely involves searching for con...

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560671
Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited ...

Sub-file Hashing Strategies for Fast Contraband Detection

Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018)
Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)https://doi.org/10.1109/CyberSecPODS.2018.8560680
Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for man...

Fingerprinting JPEGs With Optimised Huffman Tables

Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018)
Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), https://doi.org/10.15394/jdfsl.2018.1451
A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algor...

Pre-Napier Funded Projects

  • SICSA Elevate Business Accelerator Training
  • SICSA Postgraduate Industry Internship

Current Post Grad projects

Previous Post Grad projects