CERIAS researchers won the Best Student Paper award at the 23rd USENIX Security Symposium, a top-tier computer systems security conference. The paper, “DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse,” was co-authored by Ph.D. students Brendan Saltaformaggio and Zhongshu Gu, with CS Professors Xiangyu Zhang and Dongyan Xu. This award was presented at the conference on August 20 in San Diego.
DSCRETE is a memory forensics tool for cyber crime investigators that enables automatic discovery and rendering of in-memory data structure contents. DSCRETE overcomes a common challenge in memory forensics: investigators are often unable to interpret the content of data structures, even with a deep understanding of the data structure’s syntax and semantics. For example, the figure above (Fig. 1) depicts part of a raw in-memory data structure for a JPEG image, which an investigator would need to manually decode. DSCRETE leverages binary code analysis and reuse to scan memory images and automatically render the contents using an application’s own output functions, presenting investigators with intuitive, ready-to-use digital evidence. Using DSCRETE, the investigator can retrieve the JPEG image’s content (Fig. 2, shown below).