How secure is your data? Not just the data that your health services provider or bank keeps on you but also the information that you put up on social media? Who can see it, access it and use it? How can you better manage and protect it?

How can large businesses and industries ensure that hackers cannot access their confidential financial, business and technical information? In the event of a breach how can they track down the perpetrator and close off future loopholes?

Lero researchers also work with law enforcement agencies to utilise digital forensics to identify the perpetrators of crime and ensure that the relevant forensic information is identified, protected and traced. They look at methods for restricting physical access to buildings and infrastructure and how software methods can be used to restrict access to approved employees/members etc., as well as tracking who has had access and when.


Cracking Cybercrime



With software-intensive systems becoming more pervasive, an increasing number of assets, which are transmitted, manipulated, or stored digitally, are being compromised by cybercrimes. To identify and prosecute those responsible or such crimes, a digital forensic investigation aims to collect, analyse and present digital evidence necessary to demonstrate how a digital crime was committed, what harm was done, and who was responsible. Although exiting tools, such Sleuthkit and Encase, can be used to extract digital forensic evidence, investigators still have to approach each crime case from scratch, by postulating potential hypotheses and manually analysing large volumes of data. Traditional digital investigations assume access to and control of IT assets - such as storage - during an investigation, but this  may not be the case if the system uses volatile storage or a virtualized infrastructure.

In Lero’s ManSec project Dr Liliana Pasquale and Prof Bashar Nuseibeh have been working with IBM Software Labs to develop a framework to support forensic readiness. This framework is based on the design of potential speculative hypotheses of a crime in advance. To preserve necessary – but volatile – evidence generated by volatile sources, such evidence may be collected proactively depending on the likelihood of a crime taking place. If an investigation starts, the evidence already collected is analysed to assess if   some of the  speculative hypotheses of a crime hold and what further evidence is necessary to support them. The likelihood of each hypothesis is estimated depending on the state of data collected. For each hypothesis that is satisfied, a case is generated, in the form of a structured argument, to demonstrate how the evidence collected supports that hypothesis.

Preliminary results are promising. We are developing an open source toolset to support proactive digital investigations in large distributed systems, which we are using to demonstrate the efficacy of our approach in Cloud computing environments. Dr  Liliana Pasquale also received  Microsoft Windows Azure for Research Award entitled “Minority Report: Using the Cloud to Enable Proactive Digital Forensic Investigations”. This award will enable the Lero team to investigate performance enhancement to our framework through the use of software parallelisation techniques. Our aim is to continue evaluating the feasibility of proactive analysis for large  systems and to contribute to the development of substantive systems that are forensics-ready.