State-of-the-art malicious software (malware) is increasingly a threat to military, corporate, and civilian computer systems and critical infrastructure. Over the past decade, memory forensics has begun to offer powerful techniques for detecting and analyzing malicious software and is often effective in cases where other methods fail. Memory forensics tools must be robust and trustworthy, because failing to detect a malware infection can have disastrous consequences. This project is addressing a number of important research issues in memory forensics, including expanding the scope and improving the reliability of memory forensics tools and providing investigators with better mechanisms to evaluate the correctness of digital investigations.
This project is addressing three important research issues in memory forensics: (1) Creating a large, diverse collection of freely available, realistic data sets for memory forensics research and practice; (2) Developing a testing platform that automatically discovers errors in both open and closed source memory forensics frameworks; and (3) Developing techniques to detect and analyze user-space (rather than kernel-space) malware activity.