BATON ROUGE, LA (WAFB) - An LSU professor has received a $1.1 million grant from the National Science Foundation's Secure & Trustworthy Cyberspace program to research memory forensics to aid the fight against cybercrime, the university announced in a statement Thursday. LSU Computer Science Professor Golden Richard III has been at the forefront of memory forensics for over a decade.
Richard's work on memory forensics seeks to help address the problems of data breaches and computer viruses, which seem to have outpaced solutions. "Traditional digital forensics involves searching storage devices for digital evidence that might be useful in civil or criminal litigation or in trying to understand whether a system has been attacked," Richard said. "Memory forensics involves adding the contents of RAM to this search space."
When investigators turn off a hard drive, the volatile state, meaning the data in the random-access memory (RAM) of the computer, is then lost. Memory forensics makes a copy of a computer's RAM and then finds forensic artifacts such as which applications were recently running, network connections, signs of malware infection, and so on. Richard's main collaborator, Andrew Case, is an LSU student who has been deeply involved in the creation and maintenance of Volatility, which is one of the most famous open-source memory forensics tools.
According to LSU, Richard and his team of students are addressing three important research issues in memory forensics through this project. The first is providing access to data that describes what a computer system should look like, making it easier to determine if it has been infected with malware. The second is using their testing tool, "Gaslight," to force other memory forensics tools to reveal the mistakes they make, which can then be fixed. The third is developing better memory forensic techniques to detect certain kinds of malware.
Richard says the work will be integrated into Volatility to help other researchers and cybersecurity experts.