Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Brendan Saltaformaggio - Purdue University

Students: Fall 2021, unless noted otherwise, sessions will be virtual on Zoom.

DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse

Sep 03, 2014

Download: Video Icon MP4 Video Size: 117.0MB  
Watch on Youtube Watch on YouTube

Abstract

State-of-the-art memory forensics involves signature-based scanning of memory images to uncover data structure instances of interest to investigators. A largely unaddressed challenge is that investigators may not be able to interpret the content of data structure fields, even with a deep understanding of the data structure’s syntax and semantics. For example, an investigator may know that a buffer field is holding a photo image, but still cannot display (and hence understand) the image. We call this the data structure content reverse engineering challenge. In this talk, we present DSCRETE, a system that enables automatic interpretation and rendering of in-memory data structure contents. DSCRETE is based on the observation that the application in which a data structure is defined usually contains interpretation and rendering logic to generate human-understandable output for that data structure. Hence DSCRETE aims to identify and reuse such logic in the program’s binary and create a “scanner+renderer” tool for scanning and rendering instances of the data structure in a memory image. We will show that DSCRETE is able to recover a variety of application data — e.g., images, figures, screenshots, user accounts, and formatted files and messages — with high accuracy. The raw contents of such data would otherwise be unfathomable to human investigators.

About the Speaker

Brendan Saltaformaggio is a Ph.D. student in the Department of Computer Science at Purdue University. His research focuses on the application of binary analysis techniques to digital forensics problems. Most recently, his work on data structure content reverse engineering won the Best Student Paper Award at Usenix Security 2014. Brendan earned a BS with Honors in Computer Science from the University of New Orleans. Prior to joining Purdue, Brendan was a digital forensics researcher at MIT Lincoln Labs (2012) and the Greater New Orleans Center for Information Assurance (2011).


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!