Directors
Dr. John Sheppard
South East Technological University
John Sheppard is Course Leader for the BSc (Hons) in Computer Forensics and Security at South East Technological University (SETU). He holds a BSc and a PhD from University College Dublin.
His research focuses on data mining for intrusion detection, network forensic analysis, and IoT and small-device forensics. In 2019, John was awarded a Fulbright Scholarship to Georgetown University. He teaches modules in file system forensics, network and online forensics, and emerging device forensics.
Research Output
Publications
AutoDFBench 1.0: A benchmarking framework for digital forensic tool testing and generated code evaluation
Forensic Science International: Digital Investigation Vol. 56 pp. 302055
AutoDFBench 1.0 is a benchmarking framework for digital forensic tool testing, evaluating conventional and AI-generated tools across five areas: string search, deleted file recovery, file carving, Windows registry recovery, and SQLite data recovery.
VAAS: Vision-Attention Anomaly Scoring for image manipulation detection in digital forensics
Forensic Science International: Digital Investigation Vol. 56 pp. 302063
VAAS detects image manipulation using Vision Transformers and segmentation embeddings, providing a continuous anomaly score for digital forensics.
An AI-Based Network Forensic Readiness Framework for Resource-Constrained Environments
Proceedings of the 18th International Workshop on Digital Forensics, part of the 20th International Conference on Availability, Reliability and Security
This paper presents an AI-based network forensic readiness framework for resource-constrained environments. The framework integrates optimised artificial intelligence models to detect attacks in real time, capturing and preserving critical forensic artefacts. It aligns with ISO/IEC 27043:2015 Digital Forensic Readiness principles, reducing time and human effort.
Improving Image Embeddings with Colour Features in Indoor Scene Geolocation
IEEE Access Vol. 13
This paper proposes a model architecture that integrates image N-dominant colours and colour histogram vectors with image embedding from deep metric learning and classification perspectives to improve image geolocation in indoor scenes.
Perceptual Colour-based Geolocation of Human Trafficking Images for Digital Forensic Investigation
2024 Cyber Research Conference - Ireland (Cyber-RCI)
This study investigates the effectiveness of colour-based descriptors in Content-Based Image Retrieval (CBIR) for human trafficking image analysis. The research evaluates the impact of various parameters on image matching accuracy, achieving a Top-50 accuracy of over 95% on the Hotels-50K dataset. The approach demonstrates potential in advancing image analysis tools for human trafficking investigations and other contexts.
Pushing Network Forensic Readiness to the Edge: A Resource Constrained Artificial Intelligence Based Methodology
2024 Cyber Research Conference - Ireland (Cyber-RCI)
This paper introduces the Network Forensic Readiness for Edge Devices (NetFoREdge) framework, which deploys lightweight AI models in resource-constrained environments for attack detection, evidence collection, and preservation. The framework is evaluated on two datasets, achieving accuracy rates exceeding 99.60% and 99.98% for multiclass classification.
DFRWS EU 10-Year Review and Future Directions in Digital Forensic Research
Forensic Science International: Digital Investigation Vol. 48 pp. 301685
This study surveys 135 peer-reviewed articles published at the Digital Forensics Research Conference Europe (DFRWS EU) from 2014 to 2023, analyzing co-authorships, geographical spread, and citation metrics to inform future research directions in digital forensic research.
An Evaluation of AI-Based Network Intrusion Detection in Resource-Constrained Environments
14th Annual IEEE Ubiquitous Computing, Electronics & Mobile Communication Conference (IEEE UEMCON)
This paper evaluates AI-based network intrusion detection in resource-constrained environments, proposing a novel approach that trains and deploys AI models on resource-constrained devices. The approach achieves high classification accuracy, identifying and recording potential malicious attacks in real time with minimal overhead.
ChatGPT for digital forensic investigation: The good, the bad, and the unknown
Forensic Science International: Digital Investigation Vol. 46 pp. 301609
This paper assesses the impact of ChatGPT on digital forensics, evaluating its capabilities and risks in various use cases, including artefact understanding, evidence searching, code generation, anomaly detection, incident response, and education. The study highlights both the potential benefits and limitations of using ChatGPT in digital forensic investigations, concluding that it can be a useful supporting tool for knowledgeable users but requires careful consideration of its strengths and weaknesses.
Deep Learning Based Network Intrusion Detection System for Resource-Constrained Environments
The 13th EAI International Conference on Digital Forensics and Cyber Crime
This paper presents a deep learning-based network intrusion detection system (IDS) for resource-constrained environments. The proposed 1D-Dilated Causal Neural Network (1D-DCNN) model achieves high accuracy in detecting malicious attacks, outperforming existing deep learning approaches. The model's efficiency and effectiveness make it suitable for resource-constrained environments.
Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions
IEEE Access Vol. 10
This paper provides a comprehensive survey of the application of artificial intelligence (AI) in network forensics, including expert systems, machine learning, deep learning, and ensemble/hybrid approaches. It discusses the current challenges and future directions in network forensics, covering various application areas such as network traffic analysis, intrusion detection systems, and Internet-of-Things devices.
TraceGen: User Activity Emulation for Digital Forensic Test Image Generation
Forensic Science International: Digital Investigation
This paper presents TraceGen, an automated system for generating realistic digital forensic test images through user activity emulation. The framework consists of a series of actions contained within scripts that are executed both externally and internally to a target virtual machine. TraceGen aims to address the issue of emulating user activities and behaviours, ensuring forensically realistic traces are created in the resulting test images.
Retracing the Flow of the Stream: Investigating Kodi Streaming Services
The 11th EAI International Conference on Digital Forensics and Cyber Crime
This paper presents a new method for quickly locating Kodi artifacts and gathering information for successful prosecution of digital piracy and streaming of illegal content. The approach is evaluated on Windows, Android, and Linux platforms, demonstrating the location of file artifacts, databases, and viewed content history.
SoK: Exploring the State of the Art and the Future Potential of Artificial Intelligence in Digital Forensic Investigation
The 13th International Workshop on Digital Forensics (WSDF), held at the 15th International Conference on Availability, Reliability and Security (ARES)
This systematic overview of artificial intelligence (AI) in digital forensic investigation explores the current state of the art and future potential of AI in expediting digital forensic analysis and increasing case processing capacities. The authors discuss AI applications in data discovery, device triage, and other areas, highlighting current challenges and future directions.
Cloud Investigations of Illegal IPTV Networks
Proceedings of the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom-18) pp. 1942-1947
This paper examines the Kodi software ecosystem, focusing on its role in illegal IPTV networks. It identifies key roles in the Kodi community, including users, addon authors, and distributors, and explores the relationships between them. The study uses cloud evidence to connect devices to addon distributors and investigates networks among authors and distributors using GraphQL in the GitHub cloud.