Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.

Real-time triggering of Android memory dumps for stealthy attack investigation


Attackers regularly target Android phones and come up withnew ways to bypass detection mechanisms to achieve long-term stealth on a victim's phone. One way attackers do this is by leveraging critical benign app functionality to carry out specifi c attacks. In this paper, we present a novel generalised framework, JIT-MF (Just-in-time Memory Forensics), which aims to address the problem of timely collection of short-lived evidence in volatile memory to solve the stealthiest of Android attacks. The main components of this framework are i) Identi fication of critical data objects in memory linked with critical benign application steps that may be misused by an attacker; and ii) Careful selection of trigger points, which identify when memory dumpsshould be taken during benign app execution.The effectiveness and cost of trigger point selection, a corner stone of this framework, are evaluated in a preliminary qualitative study using Telegram and Pushbullet as the victim apps targeted by stealthy malware.Our study identi fies that JIT-MF is successful in dumping critical dataobjects on time, providing evidence that eludes all other forensic sources.Experimentation offers insight into identifying categories of trigger points that can strike a balance between the effort required for selection andthe resulting effectiveness and storage costs. Several optimisation mea-sures for the JIT-MF tools are presented, considering the typical resource constraints of Android devices.

Authors: Jennifer Bellizzi; Mark Vella; Christian Colombo; Julio Hernandez-Castro; Mark Vella; Christian Colombo; Julio Hernandez-Castro.

Journal: TBA.

Date of Publication: TBA.


Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2021 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.