Search

Your search keyword '"Bellizzi, Jennifer"' showing total 8 results
Start Over Author "Bellizzi, Jennifer"
8 results on '"Bellizzi, Jennifer"'

1. Responding to Living-Off-the-Land Tactics using Just-in-Time Memory Forensics (JIT-MF) for Android

Author

Bellizzi, Jennifer, Vella, Mark, Colombo, Christian, and Hernandez-Castro, Julio

Subjects
Computer Science - Cryptography and Security
Abstract

Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tactics are adopted, leave investigators little evidence to work with. Volatile memory forensics can be an effective approach since app execution of any form is always bound to leave a trail of evidence in memory, even if perhaps ephemeral. Just-in-Time Memory Forensics (JIT-MF) is a recently proposed technique that describes a framework to process memory forensics on existing stock Android devices, without compromising their security by requiring them to be rooted. Within this framework, JIT-MF drivers are designed to promptly dump in-memory evidence related to app usage or misuse. In this work, we primarily introduce a conceptualized presentation of JIT-MF drivers. Subsequently, through a series of case studies involving the hijacking of widely-used messaging apps, we show that when the target apps are forensically enhanced with JIT-MF drivers, investigators can generate richer forensic timelines to support their investigation, which are on average 26% closer to ground truth., Comment: 14 pages, 3 figures, 2 tables, 2 listings, SECRYPT 2021

Published
2021

2. Real-Time Triggering of Android Memory Dumps for Stealthy Attack Investigation

Author

Bellizzi, Jennifer, Vella, Mark, Colombo, Christian, Hernandez-Castro, Julio, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Asplund, Mikael, editor, and Nadjm-Tehrani, Simin, editor

Published
2021
Full Text
View/download PDF

4. VEDRANDO: A Novel Way to Reveal Stealthy Attack Steps on Android through Memory Forensics.

Author

Bellizzi, Jennifer, Losiouk, Eleonora, Conti, Mauro, Colombo, Christian, and Vella, Mark

Subjects
SMARTPHONES, FORENSIC sciences, MALWARE, MOBILE apps, DATA extraction
Abstract

The ubiquity of Android smartphones makes them targets of sophisticated malware, which maintain long-term stealth, particularly by offloading attack steps to benign apps. Such malware leaves little to no trace in logs, and the attack steps become difficult to discern from benign app functionality. Endpoint detection and response (EDR) systems provide live forensic capabilities that enable anomaly detection techniques to detect anomalous behavior in application logs after an app hijack. However, this presents a challenge, as state-of-the-art EDRs rely on device and third-party application logs, which may not include evidence of attack steps, thus prohibiting anomaly detection techniques from exposing anomalous behavior. While, theoretically, all the evidence resides in volatile memory, its ephemerality necessitates timely collection, and its extraction requires device rooting or app repackaging. We present VEDRANDO, an enhanced EDR for Android that accomplishes (i) the challenge of timely collection of volatile memory artefacts and (ii) the detection of a class of stealthy attacks that hijack benign applications. VEDRANDO leverages memory forensics and app virtualization techniques to collect timely evidence from memory, which allows uncovering attack steps currently uncollected by the state-of-the-art EDRs. The results showed that, with less than 5% CPU overhead compared to normal usage, VEDRANDO could uniquely collect and fully reconstruct the stealthy attack steps of ten realistic messaging hijack attacks using standard anomaly detection techniques, without requiring device or app modification. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results