The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Mark Guido - MITRE

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Detecting Maliciousness Using Periodic Mobile Forensics

Oct 24, 2012

Download: Video Icon MP4 Video Size: 446.1MB  
Watch on Youtube Watch on YouTube


Android Phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user's or a malicious application's actions could leave sensitive data exposed with little recourse. There is a both a breadth and depth of information that can be gained by using physical forensic acquisition techniques against an Android phone. The resulting forensic images can be mostly treated as traditional images and can be subjected to traditional forensics tools and techniques for analysis. The MITRE Innovation Project research project "Detecting Maliciousness Using Periodic Mobile Forensics" addressed the enterprise use case of installed malicious applications. The results of the research will be discussed, as well as experimentation performed using real mobile malware.

About the Speaker

Mr. Mark Guido is a cyber security engineer and researcher at The MITRE Corporation, a non-profit organization chartered to work in the public interest. His main focus areas are on mobile forensics and insider threat (user behavioral measurement).

Mr. Guido has worked for MITRE in the defense, intelligence, and law enforcement communities for more than ten years. Mr. Guido has supported technology research and development both within MITRE via its internal research program and through various customer programs. He has supported various government customers to stand up capabilities for auditing and monitoring. Mr. Guido served as the lead engineer supporting an operational insider threat monitoring and mitigation program, and has worked onsite at various security operations centers and forensics laboratories. Mr. Guido has operationally supported numerous incidents and investigations.

Mr. Guido has a bachelor's degree in computer science from Springfield College and a master's degree in computer science from the George Washington University.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!