Research Area:  Digital Forensics
Triage has been suggested as a means to prioritize and identify the sources and artifacts of evidence likely to be of most interest when faced with large amounts of digital evidence. Memory forensics has long relied on simple string matching to triage evidence sources. In this paper, we describe the early developments in our study of machine learning-based triage for memory forensics. To begin with, there are no large datasets of memory captures available. We therefore develop a toolset to enable the automated creation of realistic Android process memory dumps. Using our toolset, we generate a dataset of 2375 process memory string dumps from both malicious and benign Android applications, classified by VirusTotal and sourced from the AndroZoo project. Our dataset and toolset are made available online to help promote research in this field and related areas.
Keywords:  
Author(s) Name:  Irvin Homem
Journal name:  
Conference name:  International Conference on Digital Forensics and Cyber Crime
Publisher name:  Springer
DOI:  10.1007/978-3-319-73697-6_18
Volume Information:  
Paper Link:  https://link.springer.com/chapter/10.1007/978-3-319-73697-6_18