Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android

Jennifer Bellizzi; Mark Vella; Christian Colombo; Julio Hernandez-Castro

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android

Topics: Digital Forensics; Security and Privacy in Mobile Systems

In Proceedings of the 18th International Conference on Security and Cryptography SECRYPT - Volume 1, 356-369, 2021

Authors: Jennifer Bellizzi ¹ ; Mark Vella ¹ ; Christian Colombo ¹ and Julio Hernandez-Castro ²

Affiliations: ¹ Department of Computer Science, University of Malta, Msida, Malta ; ² School of Computing, Cornwallis South, University of Kent, Canterbury, U.K.

Keyword(s): Memory Forensics, Android Security, Digital Forensics, Incident Response, Forensic Timelines.

Abstract: Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tactics are adopted, leave investigators little evidence to work with. Volatile memory forensics can be an effective approach since app execution of any form is always bound to leave a trail of evidence in memory, even if perhaps ephemeral. Just-In-Time Memory Forensics (JIT-MF) is a recently proposed technique that describes a framework to process memory forensics on existing stock Android devices, without compromising their security by requiring them to be rooted. Within this framework, JIT-MF drivers are designed to promptly dump in-memory evidence related to app usage or misuse. In this work, we primarily introduce a conceptualized present ation of JIT-MF drivers. Subsequently, through a series of case studies involving the hijacking of widely-used messaging apps, we show that when the target apps are forensically enhanced with JIT-MF drivers, investigators can generate richer forensic timelines to support their investigation, which are on average 26% closer to ground truth. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.225.175.230

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Bellizzi, J.; Vella, M.; Colombo, C. and Hernandez-Castro, J. (2021). Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 356-369. DOI: 10.5220/0010603603560369

@conference{secrypt21,
author={Jennifer Bellizzi. and Mark Vella. and Christian Colombo. and Julio Hernandez{-}Castro.},
title={Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={356-369},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010603603560369},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Responding to Living-Off-the-Land Tactics using Just-In-Time Memory Forensics (JIT-MF) for Android
SN - 978-989-758-524-1
IS - 2184-7711
AU - Bellizzi, J.
AU - Vella, M.
AU - Colombo, C.
AU - Hernandez-Castro, J.
PY - 2021
SP - 356
EP - 369
DO - 10.5220/0010603603560369
PB - SciTePress