The Center for Education and Research in Information Assurance and Security (CERIAS)

CERIAS Researchers Win Student Paper Award

Tue, August 26, 2014

CERIAS researchers won the Best Student Paper award at the 23rd USENIX Security Symposium, a top-tier computer systems security conference. The paper, “DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse,” was co-authored by Ph.D. students Brendan Saltaformaggio and Zhongshu Gu, with CS Professors Xiangyu Zhang and Dongyan Xu. This award was presented at the conference on August 20 in San Diego.

(Photo: Brendan Saltaformaggio accepting the award from Dr. Kevin Fu, Chair of the conference.)


Figure 1. (Image: part of a raw in-memory data structure for a JPEG image.)

DSCRETE is a memory forensics tool for cyber crime investigators that enables automatic discovery and rendering of in-memory data structure contents. DSCRETE overcomes a common challenge in memory forensics: investigators are often unable to interpret the content of data structures, even with a deep understanding of the data structure’s syntax and semantics. For example, the figure above (Fig. 1) depicts part of a raw in-memory data structure for a JPEG image, which an investigator would need to decode manually. DSCRETE leverages binary code analysis and reuse to scan memory images and automatically render the contents using an application’s own output functions, presenting investigators with intuitive, ready-to-use digital evidence. Using DSCRETE, the investigator can retrieve the JPEG image’s content (Fig. 2, shown below).

Figure 2. (Image: the JPEG image’s content retrieved using DSCRETE.)