About
35
Publications
8,787
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
259
Citations
Publications
Publications (35)
IoT is undoubtedly considered the future of the Internet. Many sectors are moving towards the use of these devices to aid better monitoring, controlling of the surrounding environment, and manufacturing processes. The Industrial Internet of things is a sub-domain of IoT and serves as enablers of the industry. IIoT is providing valuable services to...
This paper presents the results of a needs analysis survey for Reverse Engineering (RE). The need for reverse engineers in digital forensics, continues to grow as malware analysis becomes more complicated. The survey was created to investigate tools used in the cybersecurity industry, the methods for teaching RE and educational resources related to...
On social networking sites (SSN) such as Facebook, users tend to share information and engage with third-party applications (apps). However, how knowledgeable, and aware, are users with regard to using a third-party service or app on Facebook? That is, do users really understand what information gets accessed, collected, and how Facebook shares the...
Memory analysis is a digital forensics technique whose goal is to model a computer system's state based solely on the analysis of a snapshot of physical memory (RAM). Memory forensics is frequently employed in incident response to detect and analyze modern malware and attack frameworks. Memory forensics is a particularly powerful tool for analyzing...
Memory Forensics is one of the most important emerging areas in computer forensics. In memory forensics, analysis of userland memory is a technique that analyses per-process runtime data structures and extracts significant evidence for application-specific investigations. In this research, our focus is to examine the critical challenges faced by pr...
As data privacy continues to be a crucial human-right concern as recognized by the UN, regulatory agencies have demanded developers obtain user permission before accessing user-sensitive data. Mainly through the use of privacy policies statements, developers fulfill their legal requirements to keep users abreast of the requests for their data. In a...
This poster details the macOS Userland Runtime analysis using the Objective-C and Swift data structures. It documents our efforts to create memory forensic tools to investigate the macOS runtime.
The continued rise of Apple's macOS in both the home and workplace has led to a significant rise in the capabilities of both malware and attacker toolkits that target the operating system and its users. Over the last several years there have been numerous documented instances of macOS users being targeted by governments, intelligence agencies, and...
The value of memory analysis during digital forensics, incident response, and malware investigations has been realized for over a decade. The power of memory forensics is based on the fact that volatile memory contains a substantial number of artifacts that are simply never recorded to disk or sent across the network in plaintext form. Orderly reco...
Advances in malware development have led to the widespread use of attacker toolkits that do not leave any trace in the local filesystem. This negatively impacts traditional investigative procedures that rely on filesystem analysis to reconstruct attacker activities. As a solution, memory forensics has replaced filesystem analysis in these scenarios...
Over the past few decades, rapid changes in technology have driven a significant increase in the amount and types of data stored on and processed by digital devices. Digital devices may be used in the commission of numerous criminal activities, including unauthorized data exfiltration, fraud, employee misconduct, kidnapping, child pornography, murd...
In this study we are focusing on malware in general and cross platform malware analysis in particular with respect to its ability to transfer among platforms. We covered the basic features and protection mechanisms used to hide identity and protect its existence. Recent studies focus on examining malwares by comparing signatures and features (stati...
The use of memory forensics is becoming commonplace in digital investigation and incident response, as it provides critically important capabilities for detecting sophisticated malware attacks, including memory-only malware components. In this paper, we concentrate on improving analysis of API hooks, a technique commonly employed by malware to hija...
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft's Windows 10 operating system and supports execution of native Linux applications within the host operating system. This integrated support of Linux executables in a Windows environment presents challenges to existing memory forensics frameworks, such as...
The growing threat to user privacy by Android applications (app) has tremendously increased the need for more reliable and accessible analysis techniques. This paper presents AspectDroid¹ —an offline app-level hybrid analysis system designed to investigate Android applications for possible unwanted activities. It leverages static bytecode instrumen...
Android applications access native SQLite databases through their Universal Resource Identifiers (URIs), exposed by the Content provider library. By design, the SQLite engine used in the Android system does not enforce access restrictions on database content nor does it log database accesses. Instead, Android enforces read and write permissions on...
The growing threat to user privacy related to Android applications (apps) has tremendously increased the need for more reliable and accessible app analysis systems. This paper presents AspectDroid, an application-level system designed to investigate Android applications for possible unwanted activities. AspectDroid is comprised of app instrumentati...
Android malware are often created by injecting malicious payloads into benign applications. They employ code and string obfuscation techniques to hide their presence from antivirus scanners. Recent studies have shown that common antivirus software and static analysis tools are not resilient to such obfuscation techniques. To address this problem, w...
Robust fingerprinting of executable code contained in a memory image is a prerequisite for a large number of security and forensic applications, especially in a cloud environment. Prior state of the art has focused specifically on identifying kernel versions by means of complex differential analysis of several aspects of the kernel code implementat...