Atlanta, GA | Posted: March 17, 2018
Brendan D. Saltaformaggio has received the CISE Research Initiation Initiative (CRII) Award from the National Science Foundation (NSF).
Saltaformaggio is an assistant professor in the Georgia Tech School of Electrical and Computer Engineering (ECE), where he leads the Cyber Forensics Innovation Laboratory. The title of his research project is "GEMINI: Guided Execution Based Mobile Advanced Persistent Threat Investigation."
Advanced persistent threat (APT) campaigns are increasingly targeting mobile devices deployed across corporations, governments, and financial institutions. Unfortunately, prohibitively slow responses to even high-profile APT attacks have shown that authorities lack the capability to quickly investigate ongoing attacks (in a matter of hours or days rather than months). To address this challenge, Saltaformaggio’s research draws inspiration from recent developments in memory image forensics, in particular a recently introduced technique called guided execution. This technique has provided rapid evidence collection and crime investigation capabilities currently unparalleled in APT investigation.
Through this research, Saltaformaggio is developing an integrated framework, called GEMINI, which shifts the goal of modern memory forensics from the investigation of physical-world crimes to APT campaigns. Based on the analysis of only a single memory image – collected from an Android device after an attack is suspected – GEMINI provides the following set of APT investigation capabilities:
This work directly contributes to national security by advancing research in and developing techniques for the investigation of APT campaigns targeting mobile devices. In addition, the results of this research are being made publicly available with the goal of enhancing discovery and empowering future research in this area, as well as contributing to the development of new curriculum materials focused on malware analysis and reverse engineering.