Engineering Commons^™

Apps For Actionable Workflows: Tools To Stay In The Loop And On Top Of Tasks, Rachel S. Evans

Presentations

No matter what member of the team you are or what type of library you are in - be it electronic resources manager, cataloger, head of acquisitions, ILS or systems administrator, or even repository coordinator - getting things done and meeting goals depends largely on how you communicate with one another and how you handle your time. Meeting goals and deadlines on both big and small projects in addition to your personal tasks can be achieved less painfully by making effective use of a few on point tools. This session will use the presenter's preferred platforms to show specific examples …

Automated Dynamic Detection Of Self-Hiding Behaviors, Luke Baird

Student Works

Certain Android applications, such as but not limited to malware, conceal their presence from the user, exhibiting a self-hiding behavior. Consequently, these apps put the user’s security and privacy at risk by performing tasks without the user’s awareness. Static analysis has been used to analyze apps for self-hiding behavior, but this approach is prone to false positives and suffers from code obfuscation. This research proposes a set of three tools utilizing a dynamic analysis method of detecting self-hiding behavior of an app in the home, installed, and running application lists on an Android emulator. Our approach proves both highly accurate …

Automated Dynamic Detection Of Self-Hiding Behavior In Android Apps, Luke Baird, Seth Rodgers

Student Works

Android applications that conceal themselves from a user, defined as exhibiting a “self-hiding behavior,” pose a threat to the user’s privacy, as these applications can live on a device undetected by the user. Malicious applications can do this to execute without being found by the user. Three lists are analyzed in particular—the home, running, and installed lists—as they are directly related to the typical Android app life cycle. Additionally, self-hiding behavior in the device admin list is analyzed due to the potential for catastrophic actions to be taken by device admin malware. This research proposes four dynamic analysis tools that …

Map My Murder: A Digital Forensic Study Of Mobile Health And Fitness Applications, Courtney Hassenfeldt, Shabana Baig, Ibrahim Baggili, Xiaolu Zhang

Electrical & Computer Engineering and Computer Science Faculty Publications

The ongoing popularity of health and fitness applications catalyzes

the need for exploring forensic artifacts produced by them. Sensitive

Personal Identifiable Information (PII) is requested by the applications

during account creation. Augmenting that with ongoing

user activities, such as the user’s walking paths, could potentially

create exculpatory or inculpatory digital evidence. We conducted

extensive manual analysis and explored forensic artifacts produced

by (n = 13) popular Android mobile health and fitness applications.

We also developed and implemented a tool that aided in the timely

acquisition and identification of artifacts from the examined applications.

Additionally, our work explored the type of …

Experience Constructing The Artifact Genome Project (Agp): Managing The Domain's Knowledge One Artifact At A Time, Cinthya Grajeda, Laura Sanchez, Ibrahim Baggili, Devon R. Clark, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

While various tools have been created to assist the digital forensics community with acquiring, processing, and organizing evidence and indicating the existence of artifacts, very few attempts have been made to establish a centralized system for archiving artifacts. The Artifact Genome Project (AGP) has aimed to create the largest vetted and freely available digital forensics repository for Curated Forensic Artifacts (CuFAs). This paper details the experience of building, implementing, and maintaining such a system by sharing design decisions, lessons learned, and future work. We also discuss the impact of AGP in both the professional and academic realms of digital forensics. …

An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.