PhD Alumni
Dr. Xiaoyu Du
University College Dublin
Xiaoyu Du completed her PhD in the School of Computer Science, UCD, under the supervision of Dr. Mark Scanlon.
Her PhD research focused on tackling the digital evidence backlog by expediting digital evidence handling through cloud-based data deduplication.
Research Output
Publications
TraceGen: User Activity Emulation for Digital Forensic Test Image Generation
Forensic Science International: Digital Investigation
This paper presents TraceGen, an automated system for generating realistic digital forensic test images through user activity emulation. The framework consists of a series of actions contained within scripts that are executed both externally and internally to a target virtual machine. TraceGen aims to address the issue of emulating user activities and behaviours, ensuring forensically realistic traces are created in the resulting test images.
Alleviating the Digital Forensic Backlog: A Methodology for Automated Digital Evidence Processing
School of Computer Science, University College Dublin
This PhD thesis proposes a methodology for alleviating the digital forensic backlog through automated digital evidence processing. The research leverages data deduplication and automated analysis techniques to reduce redundant handling of digital evidence data, enabling faster and more efficient investigations.
SoK: Exploring the State of the Art and the Future Potential of Artificial Intelligence in Digital Forensic Investigation
The 13th International Workshop on Digital Forensics (WSDF), held at the 15th International Conference on Availability, Reliability and Security (ARES)
This systematic overview of artificial intelligence (AI) in digital forensic investigation explores the current state of the art and future potential of AI in expediting digital forensic analysis and increasing case processing capacities. The authors discuss AI applications in data discovery, device triage, and other areas, highlighting current challenges and future directions.
Automated Artefact Relevancy Determination from Artefact Metadata and Associated Timeline Events
The 6th IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
This paper presents an approach for automated artefact relevancy determination from artefact metadata and associated timeline events. The method uses a relevancy score to rank file artefacts by likely relevance, based on data reduction techniques and machine learning models. The approach is validated through experimentation with three emulated investigation scenarios, demonstrating its potential to aid investigators in the discovery and prioritisation of evidence.
Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts
The 12th International Workshop on Digital Forensics (WSDF), held at the 14th International Conference on Availability, Reliability and Security (ARES)
This paper proposes a methodology for automatically prioritizing suspicious file artefacts in digital forensic investigations, leveraging a supervised machine learning approach and a toolkit for data extraction from disk images. The methodology aims to reduce manual analysis effort and improve the efficiency of the investigative process.
Deduplicated Disk Image Evidence Acquisition and Forensically-Sound Reconstruction
Proceedings of the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom-18) pp. 1674-1679
This paper presents a system for deduplicated disk image evidence acquisition and forensically-sound reconstruction, addressing the growing digital evidence backlog in law enforcement. The system enables automated, centralized acquisition and analysis, reducing storage and bandwidth requirements, and facilitating non-expert evidence processing.
Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service
Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS 2017) pp. 573-581
This paper evaluates the applicability of existing digital forensic process models to a cloud-based evidence processing paradigm, specifically Digital Forensics as a Service (DFaaS). The authors analyze the characteristics of each current process model and review the benefits of DFaaS, aiming to expedite the investigative process and reduce costs.
EviPlant: An Efficient Digital Forensic Challenge Creation, Manipulation, and Distribution Solution
Digital Investigation Vol. 20S pp. 29-36
EviPlant is a system designed to efficiently create, manipulate, store, and distribute digital forensic challenges for education and training. It allows educators to create evidence packages that can be integrated with base images, reducing the need for large, full-image files and making it easier to distribute challenges to students.