Cyber Security Research Group

Student projects

Project Title: MemTri: A Memory Forensics Triage Tool using Bayesian Network and Volatility
Student: Rohan Murray
Supervisor: Antonis Michalas
Course: MSc in Cyber Security and Forensics
Year: 2015/2016

Abstract:
In this modern era of technology, it is becoming more common for digital devices to be seized as evidence. This has led to a backlog of digital evidence awaiting analysis for court cases. One proposed solution to this 'data volume challenge' is to develop digital forensics triage tools that use data mining techniques such as supervised machine learning. No published research appears to address the development of a memory forensics triage tool capable of classifying the crime evidenced in a memory image.

This work explores the development of such a memory forensics triage tool, named MemTri, which assesses the likelihood of criminal activity in a memory image based on evidence artefacts generated by several applications. Fictitious illegal firearms suspect activity scenarios were performed on virtual machines to generate 60 test memory images for input into MemTri. Four categories of application (Internet browsers, instant messengers, FTP clients and document processors) are examined for artefacts, which are located using regular expressions. The identified artefacts are then analysed with a Bayesian network to assess the likelihood that a seized memory image contains evidence of illegal firearms trading. In its normal mode of operation, MemTri achieved a high artefact identification accuracy of 95.7% while the applications' processes were running; this fell to 60% once the processes had been terminated. To improve on this, a second (scan) mode was developed, which achieved more stable results of around 80% accuracy even after the applications' processes had been terminated.

Rohan Murray – a memory forensics triage thesis (PDF)
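The pipeline the abstract describes, regex artefact extraction per application category followed by a Bayesian network over the presence of each artefact type, together with the difference between the normal (live processes only) and scan (whole image) modes, as an added Python example. This is illustration code written for this page, not MemTri's own source: the regexes, the scenario keywords, the prior and conditional probabilities, the process names and the sample "image" bytes are all constructed assumptions, and the process table that a real tool would obtain from Volatility (for example `pslist` output plus per-process memory dumps) is stubbed as a list of offsets into the sample image.

```python
import re

# Regular expressions for the four application categories MemTri examines
# (browser, instant messenger, FTP client, document processor). Constructed
# for illustration; they are not MemTri's own patterns.
PATTERNS = {
    "browser":   re.compile(rb"https?://[A-Za-z0-9./?=&_-]+"),
    "messenger": re.compile(rb'<msg from="[^"]+">[^<]{1,200}</msg>'),
    "ftp":       re.compile(rb"\b(?:STOR|RETR) [A-Za-z0-9._/-]+"),
    "document":  re.compile(rb"<w:t>[^<]{1,200}</w:t>"),
}

# Scenario keywords (assumed): an artefact only counts as evidence if it
# mentions one, so an unrelated URL or document fragment is ignored.
KEYWORDS = (b"glock", b"rifle", b"ammo", b"silencer")

# Single-parent Bayesian network: C = "illegal firearms trading" with prior
# P(C), and one child per category with P(seen | C) and P(seen | not C).
# The numbers are assumptions, not values trained from MemTri's images.
PRIOR = 0.3
CPT = {
    "browser":   (0.80, 0.30),
    "messenger": (0.70, 0.10),
    "ftp":       (0.50, 0.05),
    "document":  (0.60, 0.10),
}


def extract_artefacts(data: bytes) -> dict:
    """Run every category regex over a byte region and return the hits."""
    return {cat: pat.findall(data) for cat, pat in PATTERNS.items()}


def evidence(data: bytes) -> dict:
    """Per category: True if at least one hit contains a scenario keyword."""
    return {
        cat: any(any(k in hit.lower() for k in KEYWORDS) for hit in hits)
        for cat, hits in extract_artefacts(data).items()
    }


def posterior(ev: dict) -> float:
    """P(C | evidence) by Bayes' rule over the single-parent network."""
    p_c, p_not = PRIOR, 1.0 - PRIOR
    for cat, (seen_c, seen_not) in CPT.items():
        if ev.get(cat):
            p_c, p_not = p_c * seen_c, p_not * seen_not
        else:
            p_c, p_not = p_c * (1 - seen_c), p_not * (1 - seen_not)
    return p_c / (p_c + p_not)


def triage_normal(image: bytes, process_table: list) -> float:
    """Normal mode: examine only memory mapped to live processes.

    process_table holds (pid, name, start, end) regions of `image`; a real
    tool would take these from Volatility's process and memory listings.
    """
    merged = {cat: False for cat in PATTERNS}
    for _pid, _name, start, end in process_table:
        for cat, seen in evidence(image[start:end]).items():
            merged[cat] = merged[cat] or seen
    return posterior(merged)


def triage_scan(image: bytes) -> float:
    """Scan mode: sweep the whole image, including pages no process owns."""
    return posterior(evidence(image))


def build_image():
    """Constructed sample image: four process regions laid out back to back."""
    regions = [
        ("firefox",   b"GET https://gunmarket.example/listing?item=glock-19 HTTP/1.1\r\n"
                      b"GET https://weather.example/today HTTP/1.1\r\n"),
        ("pidgin",    b'<msg from="buyer77">need 500 rounds ammo and a silencer</msg>'),
        ("filezilla", b"STOR /uploads/rifle_photos.zip\r\n"),
        ("winword",   b"<w:t>Invoice: 2x rifle, 1x silencer</w:t><w:t>Sales report</w:t>"),
    ]
    image, table, offset = b"", [], 0
    for pid, (name, data) in enumerate(regions, start=100):
        padded = data + b"\x00" * 8
        table.append((pid, name, offset, offset + len(padded)))
        image += padded
        offset += len(padded)
    # After pidgin and filezilla exit their pages are no longer mapped to a
    # process, but the bytes stay in the image until the memory is reused.
    terminated = [row for row in table if row[1] not in ("pidgin", "filezilla")]
    return image, table, terminated


def demo() -> dict:
    """Posterior for both modes before and after two processes terminate."""
    image, running, terminated = build_image()
    return {
        "normal_running":    round(triage_normal(image, running), 3),
        "normal_terminated": round(triage_normal(image, terminated), 3),
        "scan_terminated":   round(triage_scan(image), 3),
    }
```

`demo()` reproduces the effect the abstract measured: with all four processes live, normal mode sees every artefact category and the posterior is high; once the messenger and FTP processes have exited, normal mode no longer looks at their pages and the posterior drops, while scan mode still finds the residual artefacts in the unmapped bytes.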


Project Title: Avoiding Dark Cloud: Secure Storage and Trusted Computing
Student: Joolokeni Haimbala
Supervisor: Antonis Michalas
Course: MSc in Cyber Security and Forensics
Year: 2015/2016

Abstract:
Cloud computing offers a wide range of attractive benefits, but its adoption is met with concerns about the protection of data while it is in the cloud. Moving data into the cloud means that users have less control over it, so cloud users must trust the cloud provider to protect the data from both external and internal attacks. Several studies have catalogued security threats in cloud computing, and several protocols have been proposed to counter them. One of the main concerns is data confidentiality in the public cloud, which has prompted proposals for secure storage systems. Searchable encryption is one technique believed to be suitable for providing data confidentiality in the cloud; several schemes have been proposed over the years, but none has been deployed by a public cloud service provider. Furthermore, several security concerns have been raised regarding Infrastructure as a Service (IaaS), and several vulnerabilities have been pointed out in public clouds, raising serious concerns about using IaaS there.

This thesis combines secure storage and trusted computing to provide security in IaaS. It reviews Searchable Symmetric Encryption (SSE) schemes that can provide data confidentiality without compromising the efficiency of cloud services. SSE schemes provide good security notions, but there is a trade-off between efficiency and privacy. Trusted launch protocols aim to reduce the opacity of the virtual machine launch and migration process; although good progress has been made towards a trusted security platform, more needs to be done to make closed-box execution a reality in virtualisation.

Joolokeni Haimbala – cloud secure storage and trusted launch thesis (PDF)
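To make the SSE efficiency-versus-privacy trade-off mentioned in the abstract concrete, the following is an added Python example written for this page (not a scheme from the thesis, and not production code): a single-keyword searchable symmetric encryption scheme over an encrypted inverted index, in the spirit of the "basic" construction of Cash et al. The server holds only ciphertexts and PRF-derived labels, yet each search leaks the search pattern (the same keyword always yields the same token) and the result count; that leakage is what buys the sublinear search time. Everything below is an assumption for illustration: the sample corpus, the fixed master key in `demo()`, and the toy HMAC-based stream cipher standing in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os


def prf(key: bytes, msg: bytes) -> bytes:
    """Pseudorandom function instantiated as HMAC-SHA256."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy PRF-counter stream cipher: XOR data with HMAC keystream blocks.

    Encryption and decryption are the same operation. Illustration only;
    it has no integrity protection and must not be used in practice.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, nonce + i.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Server:
    """Untrusted cloud store: holds ciphertexts only and answers tokens."""

    def __init__(self):
        self.index = {}      # PRF label -> encrypted document id
        self.docs = {}       # document id -> (nonce, ciphertext)
        self.observed = []   # (token, result count) the server sees per query

    def search(self, token: bytes) -> list:
        """Walk labels PRF(token, 0), PRF(token, 1), ... until one is missing."""
        results, c = [], 0
        while True:
            label = prf(token, c.to_bytes(4, "big"))
            if label not in self.index:
                break
            results.append(self.index[label])
            c += 1
        self.observed.append((token, len(results)))
        return results


class Client:
    """Data owner: holds the master key, builds the index, issues tokens."""

    def __init__(self, master_key: bytes = None):
        self.k = master_key or os.urandom(32)
        self.k_doc = prf(self.k, b"doc")

    def _keys(self, word: str):
        # Per-keyword label key (sent as the token) and value key (kept).
        w = word.lower().encode()
        return prf(self.k, b"label" + w), prf(self.k, b"value" + w)

    def build(self, docs: dict) -> Server:
        server, inverted = Server(), {}
        for doc_id, text in docs.items():
            for word in set(text.lower().split()):
                inverted.setdefault(word, []).append(doc_id)
            nonce = os.urandom(16)
            server.docs[doc_id] = (nonce, xor_stream(self.k_doc, nonce, text.encode()))
        for word, ids in inverted.items():
            k_label, k_value = self._keys(word)
            for c, doc_id in enumerate(ids):
                counter = c.to_bytes(4, "big")
                server.index[prf(k_label, counter)] = xor_stream(k_value, counter, doc_id.encode())
        return server

    def search(self, server: Server, word: str) -> list:
        k_label, k_value = self._keys(word)
        ids = [xor_stream(k_value, c.to_bytes(4, "big"), enc_id).decode()
               for c, enc_id in enumerate(server.search(k_label))]
        return sorted(xor_stream(self.k_doc, *server.docs[i]).decode() for i in ids)


def demo() -> dict:
    """Constructed corpus; shows correct results and what the server learns."""
    docs = {"d1": "rifle ammo invoice", "d2": "rifle listing glock", "d3": "weather report"}
    client = Client(b"\x01" * 32)          # fixed key so the run is repeatable
    server = client.build(docs)
    rifle = client.search(server, "rifle")
    client.search(server, "rifle")         # repeated query
    weather = client.search(server, "weather")
    return {
        "rifle_hits": rifle,
        "weather_hits": weather,
        "search_pattern_leaked": server.observed[0][0] == server.observed[1][0],
        "result_count_leaked": server.observed[0][1],
    }
```

The server never sees a keyword or a plaintext, but `observed` records that two queries carried the same token and that the first returned two labels; a more private scheme would have to hide both, and that is where the efficiency cost enters.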
