Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer posuere erat a ante.

Someone famous

DPhil Student:

Cyber Security

I am currently undertaking a DPhil in Cyber Security at the University of Oxford part of the Centre for Doctoral Training in Cyber Security which is multidisciplinary centre with students from a wide variety of backgrounds such as computer sciences, mathematics, law and sociology.                  

In my spare time I like to understand various attack scenarios and looking at various types of malware and understanding the different techniques currently available to analyse malware. Beyond studying I enjoy running and learning to program. I am also the IT Officer of Kellogg College MCR 

I undertook the SANS 508 course in Advanced Computer Forensics and Incident Response where I have gained vast knowledge in live forensics and extracting and analysing forensic artefacts from memory images. Previously I volunteered for the Humberside Police Hi-Tech Unit and the Internet Sex Offenders Unit carrying out the role of triaging      

Research Interests

Data Provenance

Internet of Things

SCADA

Digital Forensics

    My research interests include cyber security and digital forensics on Supervisory Control and Data Acquisition Systems (SCADA) and Critical National Infrastructures (CNIs), malware analysis and Internet of Things (IoTs). I previously worked as a Research Engineer with Airbus Group Innovations (previously known as EADS Innovation Works).

    My focus in R&D is on Industry Control Systems Cyber Security and Digital Forensics. My role was to work on European funded and the Welsh Foundation research projects. As part of my role I implemented the digital forensic testbed and the SIEM AlienVault for research purposes.                        

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras sem quam, scelerisque vitae sem non, ornare condimentum leo. Vivamus eros tortor, tincidunt et viverra ac, gravida eu augue. Interdum et malesuada fames ac ante ipsum primis in faucibus. Praesent nibh ex, hendrerit at tellus sed, laoreet suscipit leo.

    Research Projects

    Project 1: Exploring the Potential Use of PLC Debugging Tools for Digital Forensic Investigations on SCADA Systems

      In the past, SCADA systems have been isolated from the Internet. Due to their increasing connectivity to the enterprise network and the use of ethernet TCP/IP on devices these systems have become more exposed to external threats. The Stuxnet malware attack has provided strong evidence for the development of a need for a forensic capability to aid a thorough post incident investigations.

      Current live forensic tools are typically used to acquire and examine memory from computers running either Windows or Unix. This make them incompatible with embedded devices found on SCADA systems that have their own bespoke operating system. Currently, only a limited number of forensics tools have been developed for SCADA systems, with no development of tools to acquire the program code from PLCs. We argue that the program code is an important forensic artefact that can be used to determine the attackers motives and provide threat intelligence that could be shared with other SCADA sites.

      The main contributions of this paper is to determine whether existing PLC debugging and communication tools have any forensic properties to acquire the program code of the PLC.from In order to determine if it has any forensic properties we will using an existing Computer Forensics Tool Testing Framework (CFFTS) by NIST. Our results indicate that by acquiring the program code from the memory of the PLC we were able to identify the attackers motive. The findings from using NIST's CFTTF to test PLC Logger showed it had failed half of the tests suggesting that it its current state it has limited potential, unless the shortcomings were addressed

      Project 2: Using Mobile Device Sensors to Detect Malicious Events on Transportation

        Under recent EU legislation mobile devices can now be used on aircraft, can mobile device sensors be used to detect different situations on an aircraft? The case of flight MH370 has highlighted the difficulties in tracking aircraft when they are out of range of ground radar. As it is not been possible to find the MH370 aircraft and recover the black boxes it has not been possible to determine what occurred on the aircraft leading up to its disappearance.

        As mobile devices have matured we have seen more sensors being implemented such as Accelerometer, Gyroscope etc. this increasing number of new functions means they can be used in a variety of domains such as healthcare, social networks and environmental monitoring. Could their use be extended to provide information about the actions and movements of passengers on an aircraft?

        Conferences

        2013

          "Towards a SCADA Forensic Architecture": Presented in 2013 at Leicester, UK. In proceedings of 1st International Symposium of Industrial Control System - Cyber Security Research, (ICS-CSR'13). Available online here.

          2016

            "Exploring The Use Of PLC Debugging Tools For Digital Forensic Investigations On SCADA Systems": Presented in 2015 at Malaga, Spain. Journal of Digital Forensics, Security and Law: Vol. 10 : No. 4 , Article 7. Available online here.