Smothered in malware. What's new?
I recently collaborated with Andrew Case to develop Volatility plugins to support forensic analysis of compressed RAM in Mac OS X Mavericks and Linux. The paper describing our work was presented at DFRWS 2014 and won the best paper award at the conference. The plugins mentioned in the paper are being integrated into the current Volatility release. Volatility 3 (coming someday) will support decompression transparently for all plugins using our work.
I'm the PI on an NSF EAGER grant (with Carl Weems and Irfan Ahmed) that explores the relationship between psychological traits and both "good" and "bad" cyber behavior. The grant is approximately $250K and we'll complete the work over 2014-2015. We're excited about the work and the chance for the Departments of Computer Science and Psychology to work together for the first time.
Our $1.2M proposal, "TWC: Medium: Collaborative: Towards a Binary-Centric Framework for Cyber Forensics in Enterprise Environments", in collaboration with Purdue, was funded in 2014. We'll complete the work over a three year period. All the graduate student positions for this grant are currently filled--thanks for all the interest!
DFRWS 2015 will be held in Philadelphia from August 9 to 13. We're presenting two papers at the conference, "Advancing Mac OS X Rootkit Detection" (with Andrew Case) and "Rapid Forensic Imaging of Large Disks with Sifting Collectors" (with Jonathan Grier). Hope to see you there!
The 2015 DFRWS Forensics Challenge is underway! The deadline for submissions is May 30, 2015.
DFRWS Best Paper Award
New NSF EAGER Grant
New NSF Cyber Grant
DFRWS 2015 Challenge