LSU Cybersecurity Team Awarded $1M from U.S. Department of Homeland Security to Help Fight Terrorism, Online Crime

January 11, 2024

Two separate research projects led by LSU cybersecurity experts Golden Richard and Aisha Ali-Gombe have each been awarded half a million dollars in defense funding through the Criminal Investigations and Network Analysis Center, a Department of Homeland Security Center of Excellence at George Mason University, to advance the state-of-the-art of memory forensics, which is a frontier field in digital investigations to recover elusive evidence of criminal activity.

LSU's cybersecurity team is one of the leading developers of memory forensics in the world. The power of memory forensics lies in its ability to document short-term memory on computers and digital devices, including cellphones. Just like most coroners would know how to autopsy a human brain while few would be able to document a person's thoughts, memory forensics experts can extract evidence in ways that seem almost supernatural compared to traditional digital forensics, which involves the discovery of permanently stored data and long-term memory on hard drives.

LSU cybersecurity faculty Golden Richard and Aisha Ali-Gombe have each received half a million dollars from the U.S. Department of Homeland Security through the Criminal Investigations and Network Analysis Center, or CINA.

The LSU team's growing collaborations and partnerships with state and federal agencies and leading security and defense organizations, including the National Security Agency, U.S. Secret Service, Louisiana State Police, and Louisiana National Guard, are partly based on its frontier memory forensics capabilities, driven by the increasing need all around the world to gather irrefutable digital evidence to fight online crime and international cyberattacks and terrorism. LSU's recent designation as a Center of Academic Excellence in Cyber Operations by the National Security Agency was contingent on its cybersecurity team's ability to teach hands-on memory forensics.

"Malware and cyberattacks now routinely leave no traces on non-volatile data storage devices," said Golden Richard, professor in the Division of Computer Science and Engineering in the LSU College of Engineering with a joint appointment in the LSU Center for Computation & Technology and interim director of the LSU Cyber Center. "This puts enormous pressure on investigators who might have been trained in traditional pull-the-plug forensic techniques."

Recent major hacks by foreign adversaries trying to undermine the safety and security of the United States led the Cybersecurity and Infrastructure Security Agency, or CISA, to mandate all affected agencies to use memory forensics as part of their incident response. Meanwhile, effective memory forensics requires deep technical expertise, which creates an accessibility and scalability problem for most agencies that often lack easy-to-use tools in combination with enough workforce.

Richard's project will help solve this challenge.

The LSU cybersecurity team's world-leading expertise in memory forensics helps national and state security agencies discover reliable evidence of criminal activity in the short-term memory on computers and digital devices, including mobile phones. Photo illustration created using Adobe Firefly.

"We want to make memory forensics more accessible, so it can be used to target new and evolving threats," Richard said. "Our research will integrate the Structured Threat Information Expression, or STIX, language (one of the most common ways investigators describe, document, and communicate cyber incidents) with the open-source Volatility Framework, the most widely used memory forensics toolset. This way, investigators and even non-investigators from different backgrounds and in different working environments will be able to conduct and coordinate more accurate and efficient cyber operations."

The second LSU project that's been newly funded by the Department of Homeland Security aims to recover code and reconstruct processes on Android devices, which have at least a 70 percent global market share.

"What we're working on can be used to investigate illegal activities on Android smartphones, including cryptocurrency transactions and chat data between terrorists on end-to-end encrypted social media platforms," said Aisha Ali-Gombe, associate professor in the Division of Computer Science and Engineering in the LSU College of Engineering with a joint appointment in the LSU Center for Computation & Technology. "Also, we can help recover and provide context to deleted activities and messages. Our framework will be able to reconstruct the execution path of a mobile application that clearly shows the most recent user activity, thus providing investigators with actionable evidence they can use in court."

Both undergraduate and graduate LSU students are assisting with the research.

Lauren Pace, a third-year doctoral student from Covington, Louisiana, is working with Richard on the STIX integration.

"It's very exciting to think about my work impacting real investigations," Pace said. "Knowing that I'm helping to speed up the recovery of information and increase the number of people who can do memory forensics is an excellent motivator."

Nicholas Tanet, a computer science senior from New Orleans, Louisiana, is helping Ali-Gombe do memory dumps from Android smartphones and find patterns to build a code-recovery engine to help reconstruct user activity.

"I've grown an appreciation for the research process and found a great interest in memory analysis and reverse engineering," Tanet said. "I have constant chances to learn new things and am also gaining many new friends."