Coriander: A Toolset for Generating Realistic Android Digital Evidence Datasets
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2017 (English). In: Digital Forensics and Cyber Crime: Proceedings / [ed] Petr Matoušek, Martin Schmiedecker, Springer, 2017, p. 228-233. Conference paper, Published paper (Refereed)
Abstract [en]

Triage has been suggested as a means to prioritize and identify sources and artifacts of evidence that might be of most interest when faced with large amounts of digital evidence. Memory Forensics has long relied on simple string matching to triage evidence sources. In this paper, we describe the early developments into our study on Machine Learning-based triage for Memory Forensics. To start off, there are no large datasets of memory captures available. We thus develop a toolset to enable the automated creation of realistic Android process memory dumps. Using our toolset, we generate a dataset of 2375 process memory string dumps from both malicious and benign Android applications, classified by VirusTotal, and sourced from the AndroZoo project. Our dataset and toolset are made available online to help promote research in this field and related areas.

Place, publisher, year, edition, pages
Springer, 2017. p. 228-233
Series
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, ISSN 1867-8211 ; 216
Keywords [en]
Android Forensics, Digital Forensics, Mobile Forensics, Memory Forensics, Digital Evidence, Datasets, Metadata, Machine Learning, Triage
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-149260; DOI: 10.1007/978-3-319-73697-6_18; ISBN: 978-3-319-73696-9 (print); ISBN: 978-3-319-73697-6 (electronic); OAI: oai:DiVA.org:su-149260; DiVA, id: diva2:1159976
Conference
9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017
Available from: 2017-11-24; Created: 2017-11-24; Last updated: 2018-10-30; Bibliographically approved
By author/editor
Homem, Irvin