Browsing by Issue Date, starting with "2022-01-15"
- Volatility GUI: Simplifying Memory Analysis
  Publication. Monteiro, Alexandre de Sousa; Frazão, Luís Alexandre Lopes
  Digital forensic analysis is an area generally restricted to a small number of individuals. This happens due to the complexity of entry to the area: a small user base, and few and out-of-date software tools, with the more advanced software restricted behind paywalls and licenses. Unfortunately, due to the small user base, open-source projects take a long time to be updated and fall behind software present in other areas. More and more crimes are being committed using digital means, which means that the ability to analyze the physical computer and its components is becoming increasingly important. The Volatility Framework is used for the analysis of one of these components, the RAM. But the currently available software is far from perfect due to a lack of a graphical interface and other functionalities that have come to be the norm for software in the year 2021. This means that the end-user needs to be even more experienced to use this software. This thesis has as its main objective the development of a graphical interface for the software Volatility. This graphical interface takes as its main objective to ease the usage of Volatility as much as possible. This is accomplished by introducing automatic commands, reports, more accessible exports, integrations, functionalities that previously had to be done outside of the tool, among many others. This is done to help the final user, who might have very little knowledge, perform a complete RAM image analysis without having to use any external tool. The results obtained by the development of the software allow the proof of effectiveness, in terms of time and usefulness, of this tool with new users of this software and this area, and with more experienced users.
- RAM Forensic Analysis Module for Volatility 3.0
  Publication. Silva, Leonardo Dias da; Frazão, Luís Alexandre Lopes
  The number of devices connected to the Internet keeps increasing, and with it the number of attacks in this area has also grown considerably. There is an ever-greater need to carry out some kind of analysis of the digital systems we all use in our daily lives, and for that we have digital forensic analysis. Devices contain several components and internal systems that can be the target of digital forensic analysis; one of the components that has gained ever more relevance is the analysis of RAM. Analysis of storage disks was already common; however, much of today's malware ends up hiding or deleting this type of information after execution. Some malware can even run only in RAM, which makes the analysis of this memory essential for a forensic analysis. One of the most popular tools for this type of analysis is Volatility, which contains several modules that enable RAM analysis. Yara rules are also widely used; they allow searches to be performed on RAM, on crash files, or even on virtual machine images. It is possible to use Yara rules together with Volatility, since there is a Volatility module that allows this, called yarascan. However, yarascan has some limitations. This project developed a module that mitigates some of those limitations, the main one being that only one Yara rules file can be run per execution of yarascan. The developed module also aims to improve the way the result is presented to the user, and to that end it is presented in CSV format. The created module also aims to interact with GitHub in order to make some Yara rule repositories available to the user.
  The results obtained with this project show that the module created is indeed more efficient when there are several Yara rules files and that the results are presented in a more user-friendly way.
- Data Science in Cybersecurity
  Publication. Prazeres, Nuno Alexandre Gonçalves dos; Rabadão, Carlos Manuel da Silva; Santos, Leonel Filipe Simões; Costa, Rogério Luís de Carvalho
  The new generation of communication networks has brought with it the digitalization of companies and services that have changed not only the way we communicate with each other but also the way we exchange personal and confidential data between people and entities. The IoT is one of the technological paradigms that benefits the most from these new forms of connectivity. The IoT allows us to be always connected to people, companies, our homes, our cities, and our intelligent equipment, and allows us to automate tasks or control situations remotely that would not be possible without this type of equipment and technology. But with the globalization of networks and services, the need to protect our data and our privacy is something to be concerned about. Although there are already several security options, both in companies and in our service providers, the amount of data that is currently generated far exceeds the capacity of humans and systems to analyze what is happening on our networks. In this context, the dissertation presented here makes use of data science and implements machine learning techniques to deal with the volume of data generated by an IoT network. As a scenario, the network of a smart city was chosen, where an intrusion detection system is placed, supported by a machine learning model, so that it is possible to detect any type of activity that is not recognized as its normal production behavior. The anomaly detection methodology was implemented through machine learning algorithms that enabled the classification of network flows as benign or malicious.
  By comparing supervised and unsupervised classification algorithms, we found that with a dataset from an IoT network and with flows previously categorized as normal traffic and malicious traffic, supervised classifiers obtain the best results, although they are limited if there is an attack that has not been considered in the given dataset. By combining, in this dissertation, an intrusion detection system with data science and specifically with machine learning models, it was demonstrated that this is a valid cybersecurity solution and that it constitutes an additional layer in terms of ensuring the security of our networks, services, and data.