Projects

Indoor Multimedia Geolocation

Developing practical methods for estimating where indoor multimedia was captured by exploiting visual and environmental cues that persist across buildings, rooms, and online imagery.

This theme focuses on extracting location evidence from indoor scenes where GPS metadata is absent, unreliable, or intentionally removed. Current work investigates objects, fixtures, colour patterns, semantic scene content, and infrastructure cues such as electrical sockets as signals that can narrow an investigative search space.

The long-term goal is to build robust, explainable, and operationally useful geolocation workflows that can support investigations involving image and video evidence, particularly when the available material is partial, low quality, or deliberately stripped of metadata.

Artificial Intelligence-Aided Digital Forensics

Exploring how AI can assist digital forensic workflows while preserving the reliability, transparency, reproducibility, and evidential rigour required for real investigations.

This work examines the responsible use of machine learning, deep learning, large language models, and agentic systems for tasks such as triage, artefact interpretation, report drafting, network investigation, malware analysis, and multimedia evidence analysis.

A central concern is evaluation: AI-assisted forensic tools must be measured against realistic tasks, known ground truth, error cases, and clear accountability requirements so that automation supports investigators without hiding uncertainty or weakening evidential standards.

Edge Device Forensics and Security

Investigating forensic readiness, evidence acquisition, and security monitoring for constrained devices and decentralised systems deployed at the edge.

Edge and Internet of Things environments create evidence that is volatile, distributed, resource constrained, and often difficult to preserve using conventional forensic processes. This project studies how evidence collection and monitoring can happen closer to where activity occurs.

Research in this area includes lightweight network forensic readiness, privacy-aware monitoring, cloud and IoT evidence handling, and architectures that support timely investigation without overwhelming constrained devices or centralised analysis systems.

Automated Digital Forensic Tool Testing and Validation

Building repeatable benchmarks and validation workflows for conventional, AI-generated, and AI-assisted digital forensic tools.

Digital forensic tools need to be assessed against transparent ground truth, representative evidence, and clear measures of correctness. This project develops datasets, benchmarks, and automation methods for testing tool behaviour across common investigative tasks.

The work supports reproducible evaluation of string search, file recovery, registry parsing, SQLite recovery, generated forensic code, and related capabilities, helping practitioners understand when a tool is reliable and where it may fail.

Context-Based Password Cracking

Improving password recovery by generating targeted, context-aware candidate guesses from information relevant to a case or organisation.

Instead of relying only on generic leaked-password lists, this theme investigates how contextual information can improve dictionary generation, prioritisation, and guessing strategies. The work spans methodology, dataset quality, augmentation, and evaluation.

Recent directions include using language models and structured contextual sources to generate more effective candidate passwords while maintaining repeatable evaluation and clear boundaries around lawful investigative use.

Electromagnetic Side Channel Analysis to Bypass Encryption

Studying how electromagnetic emissions from devices can reveal useful forensic or security information when conventional access is blocked by encryption.

Encrypted and locked devices can prevent investigators from accessing evidence through standard logical acquisition. This project investigates non-invasive electromagnetic side-channel methods that may reveal cryptographic activity or device behaviour without modifying the target system.

The research considers practical acquisition setups, portability across devices, forensic readiness for embedded and industrial systems, and the reliability limits of side-channel observations when used to support investigative decision-making.