Detecting Maliciousness Using Periodic Mobile Forensics
Mark Guido - MITRE
Oct 24, 2012
Size: 446.1MB
Abstract
Android phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. The actions of a user or of a malicious application could therefore leave sensitive data exposed with little recourse. There is both a breadth and a depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can mostly be treated as traditional disk images and subjected to traditional forensic tools and techniques for analysis. The MITRE Innovation Project research project "Detecting Maliciousness Using Periodic Mobile Forensics" addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware.
About the Speaker
Mr. Mark Guido is a cyber security engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are mobile forensics and insider threat (user behavioral measurement).
Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations.
Mr. Guido has a bachelor's degree in computer science from Springfield College and a master's degree in computer science from the George Washington University.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of the copyrighted material without permission from CERIAS, Purdue University.