LSU Cybersecurity Team Awarded $1M from U.S. Department of Homeland Security to Help Fight Terrorism, Online Crime
January 11, 2024
Two separate research projects led by LSU cybersecurity experts Golden Richard and Aisha Ali-Gombe have each been awarded half a million dollars in defense funding through the Criminal Investigations and Network Analysis Center, a Department of Homeland Security Center of Excellence at George Mason University. The funding is intended to advance the state of the art in memory forensics, a frontier field in digital investigations used to recover elusive evidence of criminal activity.
LSU’s cybersecurity team is one of the leading developers of memory forensics in the world. The power of memory forensics lies in its ability to document short-term memory on computers and digital devices, including cellphones. Just like most coroners would know how to autopsy a human brain while few would be able to document a person’s thoughts, memory forensics experts can extract evidence in ways that seem almost supernatural compared to traditional digital forensics, which involves the discovery of permanently stored data and long-term memory on hard drives.
The LSU team’s growing collaborations and partnerships with state and federal agencies and leading security and defense organizations, including the National Security Agency, U.S. Secret Service, Louisiana State Police, and Louisiana National Guard, are partly based on its frontier memory forensics capabilities, driven by the increasing need all around the world to gather irrefutable digital evidence to fight online crime and international cyberattacks and terrorism. LSU’s recent designation as a Center of Academic Excellence in Cyber Operations by the National Security Agency was contingent on its cybersecurity team’s ability to teach hands-on memory forensics.
“Malware and cyberattacks now routinely leave no traces on non-volatile data storage devices,” said Golden Richard, professor in the Division of Computer Science and Engineering in the LSU College of Engineering with a joint appointment in the LSU Center for Computation & Technology and interim director of the LSU Cyber Center. “This puts enormous pressure on investigators who might have been trained in traditional ‘pull-the-plug’ forensic techniques.”
Recent major hacks by foreign adversaries trying to undermine the safety and security of the United States led the Cybersecurity and Infrastructure Security Agency, or CISA, to mandate that all affected agencies use memory forensics as part of their incident response. Effective memory forensics, however, requires deep technical expertise, which creates an accessibility and scalability problem for most agencies, which often lack both easy-to-use tools and enough staff.
Richard’s project will help solve this challenge.
“We want to make memory forensics more accessible, so it can be used to target new and evolving threats,” Richard said. “Our research will integrate the Structured Threat Information Expression, or STIX, language—one of the most common ways investigators describe, document, and communicate cyber incidents—with the open-source Volatility Framework, the most widely used memory forensics toolset. This way, investigators and even non-investigators from different backgrounds and in different working environments will be able to conduct and coordinate more accurate and efficient cyber operations.”
The second LSU project that’s been newly funded by the Department of Homeland Security aims to recover code and reconstruct processes on Android devices, which have at least a 70 percent global market share.
“What we’re working on can be used to investigate illegal activities on Android smartphones, including cryptocurrency transactions and chat data between terrorists on end-to-end encrypted social media platforms,” said Aisha Ali-Gombe, associate professor in the Division of Computer Science and Engineering in the LSU College of Engineering with a joint appointment in the LSU Center for Computation & Technology. “Also, we can help recover and provide context to deleted activities and messages. Our framework will be able to reconstruct the execution path of a mobile application that clearly shows the most recent user activity, thus providing investigators with actionable evidence they can use in court.”
Both undergraduate and graduate LSU students are assisting with the research.
Lauren Pace, a third-year doctoral student from Covington, Louisiana, is working with Richard on the STIX integration.
“It’s very exciting to think about my work impacting real investigations,” Pace said. “Knowing that I’m helping to speed up the recovery of information and increase the number of people who can do memory forensics is an excellent motivator.”
Nicholas Tanet, a computer science senior from New Orleans, Louisiana, is helping Ali-Gombe do memory dumps from Android smartphones and find patterns to build a code-recovery engine to help reconstruct user activity.
“I’ve grown an appreciation for the research process and found a great interest in memory analysis and reverse engineering,” Tanet said. “I have constant chances to learn new things and am also gaining many new friends.”