Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 3 of 3
Full-Text Articles in Engineering
Duck Hunt: Memory Forensics Of Usb Attack Platforms, Tyler Thomas, Mathew Piscitelli, Bhavik Ashok Nahar, Ibrahim Baggili
Duck Hunt: Memory Forensics Of Usb Attack Platforms, Tyler Thomas, Mathew Piscitelli, Bhavik Ashok Nahar, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
To explore the memory forensic artifacts generated by USB-based attack platforms, we analyzed two of the most popular commercially available devices, Hak5's USB Rubber Ducky and Bash Bunny. We present two open source Volatility plugins, usbhunt and dhcphunt, which extract artifacts generated by these USB attacks from Windows 10 system memory images. Such artifacts include driver-related diagnostic events, unique device identifiers, and DHCP client logs. Our tools are capable of extracting metadata-rich Windows diagnostic events generated by any USB device. The device identifiers presented in this work may also be used to definitively detect device usage. Likewise, the DHCP logs …
Zooming Into The Pandemic! A Forensic Analysis Of The Zoom Application, Andrew Mahr, Meghan Cichon, Sophia Mateo, Cinthya Grajeda, Ibrahim Baggili
Zooming Into The Pandemic! A Forensic Analysis Of The Zoom Application, Andrew Mahr, Meghan Cichon, Sophia Mateo, Cinthya Grajeda, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge in its user base jump over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform Zoom Bombings. Therefore forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such …
Memory Foreshadow: Memory Forensics Of Hardware Cryptocurrency Wallets – A Tool And Visualization Framework, Tyler Thomas, Mathew Piscitelli, Ilya Shavrov, Ibrahim Baggili
Memory Foreshadow: Memory Forensics Of Hardware Cryptocurrency Wallets – A Tool And Visualization Framework, Tyler Thomas, Mathew Piscitelli, Ilya Shavrov, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
We present Memory FORESHADOW: Memory FOREnSics of HArDware cryptOcurrency Wallets. To the best of our knowledge, this is the primary account of cryptocurrency hardware wallet client memory forensics. Our exploratory analysis revealed forensically relevant data in memory including transaction history, extended public keys, passphrases, and unique device identifiers. Data extracted with FORESHADOW can be used to associate a hardware wallet with a computer and allow an observer to deanonymize all past and future transactions due to hierarchical deterministic wallet address derivation. Additionally, our novel visualization framework enabled us to measure both the persistence and integrity of artifacts produced by the …