海角社区 Cybersecurity Team Awarded $1M from U.S. Department of Homeland Security to Help Fight Terrorism, Online Crime

January 11, 2024

Two separate research projects led by 海角社区 cybersecurity experts Golden Richard and Aisha Ali-Gombe have each been awarded half a million dollars in defense funding through the Criminal Investigations and Network Analysis Center, a Department of Homeland Security Center of Excellence at George Mason University. The funding will advance the state of the art in memory forensics, a frontier field in digital investigations that recovers elusive evidence of criminal activity.

海角社区’s cybersecurity team is one of the leading developers of memory forensics in the world. The power of memory forensics lies in its ability to document short-term memory on computers and digital devices, including cellphones. Just like most coroners would know how to autopsy a human brain while few would be able to document a person’s thoughts, memory forensics experts can extract evidence in ways that seem almost supernatural compared to traditional digital forensics, which involves the discovery of permanently stored data and long-term memory on hard drives.

海角社区 cybersecurity faculty Golden Richard and Aisha Ali-Gombe have each received half a million dollars from the U.S. Department of Homeland Security through the Criminal Investigations and Network Analysis Center, or CINA.

The 海角社区 team’s growing collaborations and partnerships with state and federal agencies and leading security and defense organizations, including the National Security Agency, U.S. Secret Service, Louisiana State Police, and Louisiana National Guard, are partly based on its frontier memory forensics capabilities, driven by the increasing need all around the world to gather irrefutable digital evidence to fight online crime and international cyberattacks and terrorism. 海角社区’s recent designation as a Center of Academic Excellence in Cyber Operations by the National Security Agency was contingent on its cybersecurity team’s ability to teach hands-on memory forensics.

“Malware and cyberattacks now routinely leave no traces on non-volatile data storage devices,” said Golden Richard, professor in the Division of Computer Science and Engineering in the 海角社区 College of Engineering with a joint appointment in the 海角社区 Center for Computation & Technology and interim director of the 海角社区 Cyber Center. “This puts enormous pressure on investigators who might have been trained in traditional ‘pull-the-plug’ forensic techniques.”

Recent major hacks by foreign adversaries trying to undermine the safety and security of the United States led the Cybersecurity and Infrastructure Security Agency, or CISA, to mandate that all affected agencies use memory forensics as part of their incident response. Effective memory forensics, however, requires deep technical expertise, which creates an accessibility and scalability problem for most agencies, which often lack both easy-to-use tools and a large enough workforce.

Richard’s project will help solve this challenge.

The 海角社区 cybersecurity team’s world-leading expertise in memory forensics helps national and state security agencies discover reliable evidence of criminal activity in the short-term memory on computers and digital devices, including mobile phones. Photo illustration created using Adobe Firefly.

“We want to make memory forensics more accessible, so it can be used to target new and evolving threats,” Richard said. “Our research will integrate the Structured Threat Information Expression, or STIX, language—one of the most common ways investigators describe, document, and communicate cyber incidents—with the open-source Volatility Framework, the most widely used memory forensics toolset. This way, investigators and even non-investigators from different backgrounds and in different working environments will be able to conduct and coordinate more accurate and efficient cyber operations.”

The second 海角社区 project that’s been newly funded by the Department of Homeland Security aims to recover code and reconstruct processes on Android devices, which have at least a 70 percent global market share.

“What we’re working on can be used to investigate illegal activities on Android smartphones, including cryptocurrency transactions and chat data between terrorists on end-to-end encrypted social media platforms,” said Aisha Ali-Gombe, associate professor in the Division of Computer Science and Engineering in the 海角社区 College of Engineering with a joint appointment in the 海角社区 Center for Computation & Technology. “Also, we can help recover and provide context to deleted activities and messages. Our framework will be able to reconstruct the execution path of a mobile application that clearly shows the most recent user activity, thus providing investigators with actionable evidence they can use in court.”

Both undergraduate and graduate 海角社区 students are assisting with the research.

Lauren Pace, a third-year doctoral student from Covington, Louisiana, is working with Richard on the STIX integration.

“It’s very exciting to think about my work impacting real investigations,” Pace said. “Knowing that I’m helping to speed up the recovery of information and increase the number of people who can do memory forensics is an excellent motivator.”

Nicholas Tanet, a computer science senior from New Orleans, Louisiana, is helping Ali-Gombe do memory dumps from Android smartphones and find patterns to build a code-recovery engine to help reconstruct user activity.

“I’ve grown an appreciation for the research process and found a great interest in memory analysis and reverse engineering,” Tanet said. “I have constant chances to learn new things and am also gaining many new friends.”