*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Summary Sentence: Free, open-to-the public discussion about cybersecurity risks, trends, and techniques
Full Summary: Assistant Professor Brendan Saltaformaggio, from the School of Electrical & Computer Engineering, will explain how memory images can be used for cyber forensics.
Brendan Saltaformaggio 
Cybersecurity Lecture Series by IISP"Convicted by Memory: Recovering Spatial-Temporal Digital Evidence from Memory Images"
Memory forensics is becoming a crucial capability in modern cyber forensic investigations. In particular, memory forensics can reveal "up to the minute" evidence of a device's usage, often without requiring a suspect's password to unlock the device, and it is oblivious to any persistent storage encryption schemes. Prior to my work, researchers and investigators alike considered raw data-structure recovery the ultimate goal of memory forensics. This, however, was far from sufficient as investigators were still largely unable to understand the content of the recovered evidence; hence, unlocking the true potential of such evidence in memory images remained an open research challenge.
In this talk, I will focus on my research efforts which break from traditional data-recovery-oriented forensics and instead leverage program analysis to automatically locate, reconstruct, and render spatial-temporal evidence from memory images. I will describe the evolution of this work, starting with the reuse of binary program components to overcome the burden of recovering and understanding highly probative data structures, e.g., photos, chat contents, and edited documents. Then, shifting away from the recovery of data structures, I will introduce spatial-temporal evidence recovery, culminating in the instrumentation of program executions to recreate full sequences of previous smartphone app screens, all from only a single snapshot of a device's memory. Finally, to highlight the role of memory forensics in my overall research agenda, I will briefly present my ongoing and future work in integrated cyber/cyber-physical attack defense and forensics
Brendan Saltaformaggio leads the CyFi Lab as assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology with a courtesy appointment in the School of Computer Science. His research interests are computer systems security and cyber forensics, including memory forensics, binary analysis and instrumentation, vetting of untrusted software, and mobile/IoT security. He completed his Ph.D. at Purdue University.
The Cybersecurity Lecture Series at Georgia Tech is a free, one-hour lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research. Lectures are open to all -- students, faculty, industry, government, or simply the curious.
