My research interests lie in the field of digital forensics (computer forensics, mobile-device forensics, and network/cyber forensics). With my experience as a Computer Crimes Investigator I have a unique insight that I bring to academia about how digital forensic investigations are conducted and how technology can be improved to expedite these investigations.

To date I have had four articles published in peer reviewed journals; three in the field of graph theory and one in the field of number theory. Through these publications I have honed my ability to communicate to a diverse audience on technical subject matters.

Areas of Research Interest:

I would like to develop algorithms that could be utilized to more effectively conduct forensic exams of electronic equipment, as well as develop software enhancements that would achieve better results than currently available. This would include exploring machine learning and how to utilize this field of computer science to automate tasks that are currently very time and labor intensive. For example, in current investigations of child pornography it is well know that the suspect will have both pornographic images of children and of adults. The adult images are of no forensic value to the investigation. The issue is that current technology can only find pornographic images by utilizing flesh tone detection algorithms, but it cannot differentiate between the flesh tones of adults and children. It is also well know in the field that suspects have a particular “type” of child that they are interested in. What I would like to research is whether or not we can “teach” the computer to identify suspect child images by supplying it with a sample of images that we know the suspect "likes".

Currently the industry standard is to examine all of the media that is presented for examination, even if it is known that the digital items of interest are located in a particular location. I am interested in probabilistic approaches that can be applied to the digital forensic exam process that will increase the efficiency of the exam process. For example, can we create a probabilistic formula that could be used for a particular type of crime to say with α percent of certainty that the evidence would be found in this particular location, but also with β percent of certainty that the evidence is not anywhere else on the digital device.

Lastly, I am interested in techniques to reverse engineer malware and other software used in cyber-crimes, to assist in the investigation process.With the seemingly every-day revelation that a new company has been hacked, there is a need to find tools and techniques that can be deployed quickly to assist in identifying the malware used to hack the system in question, as well as the means that were used to conduct the hack (mode of infiltration, vulnerability exploited, payload compromised, mode of exfiltration, and identity of malware programmer).