Ana Nieto

Security Researcher - Digital Forensics

Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952914    Fax: +34-951-952749

Domain of interest and research

My main research line is digital forensic. An important part of my work at NICS lab has been to study embedded hardware security mechanisms, that was related with my first assignment when I arrived to the group. I have followed its progression over the years and this has allowed, for example, the definition of the concept of digital witness (ES2587584), developed throught the IoTest project, which is part of the topic IoT-Forensics. I'm currently focused on develop new solutions for the analysis and correlation of digital evidence. In parallel, I'm teaching at the University of Malaga in courses about digital forensics and malware analysis among others.

Current research

  • Digital Forensics


  • PhD in Computer Science, University of Málaga, Spain (2015). Mechanisms for the Design of Security and Quality of Service trade-off Solutions.
  • Master in Software Engineering and Artificial Intelligence, a post graduate program with quality mention from the Spanish Ministry of Science and Education, University of Malaga, Spain (2011).
  • IPICS’09.  Intensive Programme on Information and Communication Security, from July 26th to August 8th of 2009, Vienna, Austria.
  • M.Sc. in Computer Science, University of Malaga, Spain (2008).

Relevant Publications

  • Digital Forensics
    • A. Nieto, "Becoming JUDAS: Correlating Users and Devices during a Digital Investigation",
      IEEE Transactions on Information Forensics & Security, vol. 15, IEEE, pp. 3325-3334, 17/04/2020. DOI (I.F.: 6.013)More..


      One of the biggest challenges in IoT-forensics is the analysis and correlation of heterogeneous digital evidence, to enable an effective understanding of complex scenarios. This paper defines a methodology for extracting unique objects (e.g., representing users or devices) from the files of a case, defining the context of the digital investigation and increasing the knowledge progressively, using additional files from the case (e.g. network captures). The solution includes external searches using open source intelligence (OSINT) sources when needed. In order to illustrate this approach, the proposed methodology is implemented in the JSON Users and Devices analysis (JUDAS) tool, which is able to generate the context from JSON files, complete it, and show the whole context using dynamic graphs. The approach is validated using the files in an IoT-Forensic digital investigation where an important set of potential digital evidence extracted from Amazon’s Alexa Cloud is analysed.

      Impact Factor: 6.013
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)

    • A. Nieto, R. Rios, and J. Lopez, "Privacy-Aware Digital Forensics",
      Security and Privacy for Big Data, Cloud Computing and Applications, Lizhe Wang, Wei Ren, Raymoond Choo and Fatos Xhafa, The Institution of Engineering and Technology (IET) , 09/2019. More..
    • A. Nieto, R. Rios, and J. Lopez, "IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations",
      Sensors, vol. 18, issue 2, no. 492, MDPI, 02/2018. DOI (I.F.: 3.031)More..


      IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.

      Impact Factor: 3.031
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

    • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
      IEEE Network, IEEE Communications Society, pp. 12-19, 2016. DOI (I.F.: 7.230)More..


      Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

      Impact Factor: 7.230
      Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • 5G Security
    • A. Nieto, A. Acien, and J. Lopez, "Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory",
      The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), IEEE, pp. 520-527, 08/2018. DOI More..


      The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory. 

    • A. Nieto, "An Overview of Proactive Forensic Solutions and its Applicability to 5G",
      IEEE 5G World Forum (5GWF), IEEE, pp. 191-196, 07/2018. DOI More..


      This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G. 

    • A. Nieto, A. Acien, and G. Fernandez, "Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation",
      Mobile Networks and Applications (MONET), Springer US, pp. 881-889, 10/2018. DOI (I.F.: 2.39)More..


      Crowdsourcing can be a powerful weapon against cyberattacks in 5G networks. In this paper we analyse this idea in detail, starting from the use cases in crowdsourcing focused on security, and highlighting those areas of a 5G ecosystem where crowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and cybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of IoT objects coexist. The analysis is made considering the different participants in a 5G IoT ecosystem.

      Impact Factor: 2.39
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

See all publications

Teaching (current):

  • Título de Experto Universitario en Ingeniería Inversa e Inteligencia Malware. Universidad de Málaga. 
  • Desing and Configuration of Secure Network Systems. Diseño y Configuración de Sistemas Seguros en Red. Master Universitario en Ingeniería Informática. Universidad de Málaga.
  • Computer Forensics. Informática Forense. Master Universitario en Ingeniería Informática. Universidad de Málaga.
  • Seguridad Informática e Informática Forense. Graduado en Criminología. Facultad de Derecho. Universidad de Málaga.
  • Hacking ético. Curso de Introducción a la Ciberseguridad en Sistemas Informáticos. Universidad de Málaga.
  • Curso de Formación Superior de Director de Seguridad Privada. Seguridad de la Información. Facultad de Derecho. Universidad de Málaga. 

Invited speaker:

Attended courses and seminars

  • Computer Forensics and Penetration Testing, Malaga, Spain (2016).
  • (ISC)2 CCFP Live Online training (2015).
  • Computer Forensics from a Legal Perspective, Malaga, Spain (2014).
  • Cryptographic Application Development Android, Malaga, Spain (2011-12).
  • Service Protocol Verification, Malaga, Spain (2010).

Scientific Activities

  • IEEE 5G World Forum 2019 - 5G Security Topical Track co-chair. 
  • IEEE 5G Security Working Group co-chair (2017/18).
  • Associate Editor:
    • ​Journal of Information Processing Systems (JIPS).
  • Program Committee Member:
    • 2018:
      • TrustBus 2018 - International Conference on Trust, Privacy & Security in Digital Business, 5-6 September, Regensburg, Germany.
    • 2017:
      • SePrIoT 2017 - 1st Workshop on Security and Privacy in the Internet of Things, 22-24 October, Niagara Falls, Canada.
      • TrustBus 2017 - International Conference on Trust, Privacy & Security in Digital Business, 28-31 August, Lyon, France. 
    • 2016:
      • TrustCom 2016  - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 23-26 August, Tianjin (China), 2016.
    • 2015:
      • GC15-CISS 2015 - IEEE Globecom'15 - Communication & Information System Security Symposium, 6-10 December in San Diego, CA (USA).  
      • TrustCom 2015 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 20-22 August, Helsinki (Finland). 
      • e-Commerce 2015 - 12th International Conference on e-Commerce and Digital Marketing, 21-23 July in Las Palmas de Gran Canaria (Spain).
    • 2014: 
      • NFSP 2014 - 3rd International Workshop on Network Forensics, Security and Privacy (NFSP), Madrid (Spain), July.
    • 2012: 
      • e-Commerce 2012 - IADIS International Conference e-Commerce 2012, Lisbon (Portugal), July.
  • Invited Reviewer in Journals:
    • IEEE Wireless Communications Magazine. ISSN: 1536-1284.
    • Journal of Sensors. Hindawi. ISSN: 1687-725X.
    • Wireless Networks (WINE). Springer. ISSN: 1022-0038.
    • Computers & Security (COSE). Elsevier Advanced Technology. ISSN: 0167-4048.
    • Journal of Computer Security (JCS). ISSN: 0926-227X.
    • IEEE Internet of Things Journal (IoT-J). ISSN: 2327-4662.
    • International Journal of Information Security. Springer-verlag Publication, heidelberg. ISSN: 1615-5270.
    • Information Systems Security Journal. The official Journal of (ISC)2, a Taylor & Francis Group Publication. ISSN: 1939-3547.
    • IET Information Security Journal. Institution of Engineering and Technology. ISSN: 1751-8717.
    • Computer Standards & Interfaces. Elsevier Science Press. ISSN: 0920-5489.
    • Symmetry-Basel. MDPI Open Access Journal. ISSN: 2073-8994. 
    • Journal of Information Security and Applications. Elsevier. ISSN: 2214-2126.
  • External Reviewer in Conferences: