University of South Alabama
The University of South Alabama (USA) site for the Center for Advanced Research in Forensic Science focuses on Digital Forensics Information Intelligence (DFII). Broadly defined, DFII is the development, testing, and implementation of novel approaches to understanding not only how devices, information systems, and software can be compromised, but also how one can reliably determine how those compromises occurred. We strive to enhance the body of knowledge in digital forensic science through core long-term research thrusts in malicious software analysis, technology evaluation, and detection and exploitation. Eleven faculty members at the School of Computing are working in areas relevant to the Site, primarily in cybersecurity and digital forensics. Shelby Hall, home to the School, is a 165,000 ft² state-of-the-art research and teaching facility dedicated to computing and engineering. Located on the central Gulf Coast, USA is a growing research institution of over 16,000 students in a region experiencing robust economic development. The area has one of the highest growth, highest employment, and most diverse economies in the South featuring key industry sectors in shipping, shipbuilding, chemical, aerospace, energy, and tourism.
Dr. Michael Chambers
Adjunct Professor, Mitchell Cancer Institute, USA
Assistant Vice President for Research Innovation, USA
Prior to joining the University of South Alabama as Assistant Vice President, Research Innovation, Dr. Chambers founded and served as President and CEO of Swift Biotech, a company developing technologies to fight cancer. Before Swift, Chambers helped found and served as CEO of InnoRx Pharmaceuticals, an ocular drug delivery company. He negotiated its sale to SurModics (NASDAQ: SRDX) in 2005. A former Chairman of ProUroCare, a public company based in Minneapolis, he has served on the boards of InQ Biosystems, Gene Capture, BioAlabama and the EDPA. He was a co-author of the Commercialization portion of the Alabama Science & Technology Roadmap commissioned by then Governor Bob Riley. Dr. Chambers has been recognized in Best Attorneys in the United States in Commercial Law, Arbitration and Mediation, and recognized as a Top Attorney in Health Care. He has taught arbitration for the American Arbitration Association for over 20 years to certify new arbitrators in the US and routinely serves as an arbitrator in complex disputes. He was previously certified as a Civil Trial Specialist by the National Board of Trial Advocacy and has served as an examiner for those seeking certification. He served as Chairman of the Mobile Area Chamber of Commerce in 2014. He co-founded 1702, an entrepreneurship and mentoring organization, and was named “Start-Up Executive of the Year” in 2014 by Alabama LaunchPad. An active Rotarian, he served as District Governor in 2015-2016. He received B.A. and J.D. degrees from the University of Alabama and a Ph.D. from the University of Geneva in Switzerland, where he was a Rotary Ambassadorial Scholar and a Swiss Confederation Fellow. He speaks French and Spanish. He serves as an Adjunct Professor of Oncologic Sciences at the Mitchell Cancer Institute and has served as a grant reviewer for the National Science Foundation.
Dr. William Bradley Glisson
Associate Professor, School of Computing, USA
Dr. William Bradley Glisson is an Associate Professor at the University of South Alabama. He has a Ph.D. in Computing Science from the University of Glasgow, Scotland, 2008, Master of Science in Information Management from the University of Strathclyde, Scotland, 2001, Bachelor of Science in Information Systems & Operations Management from the University of North Carolina at Greensboro, 1999, and a Bachelor of Science in Management from the University of North Carolina at Greensboro, 1993. Dr. Glisson has ten years of industrial experience, which includes working for U.S. and UK Global Fortune 500 financial institutions. Dr. Glisson has been the primary investigator on residual data research projects funded predominantly by industry. Dr. Glisson has authored over 50 peer-reviewed publications that currently consist of 10 journal articles, 1 trade journal, 1 book chapter, 31 conference publications, 4 workshop publications and 6 abstracts. His area of research focuses on digital forensics, information assurance, software engineering, and applied computing science with a specific interest in the security, business, and healthcare implications associated with residual data. Dr. Glisson has co-chaired several conference mini-tracks, including Hawaii International Conference on System Sciences (HICSS) mini-tracks in 2018 (“Cyber-of-Things: Cyber Crimes, Cyber Security and Cyber Forensics”), 2017 (“Cyber-of-Things: Cyber-Crimes and Cyber-Security”), and 2016 (“Cybercrimes, Cyber-Physical Innovations, and Emerging Investigation Challenges”), and the “IS Security, Cyber Crime and Digital Investigations” mini-track for the 26th Australasian Conference on Information Systems. Prior to this appointment, he was the Director of the Computer Forensics MSc program at the University of Glasgow for five years.
He builds on previous administrative and teaching experiences to teach and improve digital forensic courses while researching relevant real-world digital forensic issues.
CARFS Funded Projects
- Investigation of Smartphone Residual Data in Secondary Markets (with Dr. McDonald, USA): This research seeks to identify trends in residual data in secondary markets and the performance capabilities of industry-accepted toolkits (Cellebrite, XRY, FTK Phone Examiner Plus), along with an analysis of the impact of improved storage capacities, garbage collection, and reset capabilities on newer devices. It is increasingly important for organizations and law enforcement to understand the residual data that can be gathered from mobile devices in terms of intellectual property leakage, residual data retention from social media apps and residual GPS data. According to the International Data Corporation (IDC), Android is the dominant OS with approximately 82% of the market. Hence, this research will also investigate the effectiveness of the top three remote deletion apps available on Google Play.
- Hardware-Based Exploitation and Forensics Evaluation of iOS Devices (with Dr. McDonald and Dr. Andel, USA): This research seeks to identify opportunities for exploitation of iOS (iPhone Operating System) devices for the purposes of information and data recovery relative to forensic investigations. We will investigate solutions to unlock/access iOS devices for data recovery purposes using available black box tools, known vulnerabilities, and hardware-based side channel techniques such as power glitching and electromagnetic (EM) probing. These techniques may also allow exposure of keying material from cryptographic algorithms operating on iOS devices outside of an unlock scenario. The initial project would begin by investigating low-cost EM-based attacks to develop an understanding of the information leaked along with identification of opportunities for further exploitation and manipulation. The tools utilized for this attack would include oscilloscopes, digital multimeters, PCs with data acquisition boards and related interfacing. The need to recover data from locked iOS devices with automatic data erasure, particularly versions 8.x and above, has been of public and government interest for quite some time. For example, the FBI paid under $1 million to a contractor for a technique used to unlock the iPhone used by one of the San Bernardino shooters.
Dr. Jordan Shropshire
Professor, School of Computing, USA
Dr. Jordan Shropshire is a Professor of CIS at the University of South Alabama. His research centers on the technical and strategic aspects of cloud and infrastructure security. His research is funded by organizations such as the National Science Foundation, U.S. Department of Defense, Cisco, IBM, and RedHat. Dr. Shropshire has published articles in journals such as European Journal of Information Systems, Computers & Security, and Journal of Computer Information Systems. He has served as reviewer and ad hoc associate editor for journals such as MIS Quarterly, European Journal of Information Systems, Decision Support Systems, and Information Systems Research. He has presented research and provided reviews for conferences such as the Americas Conference on Information Systems (AMCIS), the International Conference on Information Systems (ICIS), and the Hawaii International Conference on System Sciences (HICSS). Dr. Shropshire received his Ph.D. from Mississippi State University and his B.S. from the University of Florida.
CARFS Funded Projects
This research develops a new, out-of-band model for monitoring the integrity of virtual machines. It uses visual analytics to identify malware embedded within guest operating systems, files, and software. The proposed model not only works with virtual machines, but also with containers and unikernels. The proposed approach renders a two-dimensional, colored depiction of each guest’s disk image. The depictions are analyzed using a pattern recognition algorithm. The pattern recognition algorithm is trained to parse the depictions and identify individual files and software components. The detection process focuses on identifying elements which do not appear as expected. Three visual detection methods are proposed: (1) Anomaly detection: Compare each file or software component visualization against a trusted depiction of the same element in order to identify anomalies such as modifications, deletions, or additions to binary files. (2) Rule-based detection: Depictions of file or software components are compared against a rule set designed to flag signs of concealed malware such as compressed or encrypted data within the contents of certain files. (3) Signature-based detection: Compare virtual machine disk image depictions against a database of visualizations of known malware.
Dr. Todd R. Andel
Professor, School of Computing, USA
Todd R. Andel is a Professor at the University of South Alabama’s School of Computing. He received his Ph.D. in Computer Science from Florida State University (2007), an M.S. in Computer Engineering from Air Force Institute of Technology (2002), and a B.S. in Computer Engineering from the University of Central Florida (1998). He was a prior faculty member of the Department of Electrical and Computer Engineering at Air Force Institute of Technology from 2007 to 2012. He is a retired Major in the U.S. Air Force, serving over 23 years specializing in cyber systems defense, research, and education. He has published over 50 peer-reviewed papers and journals related to computer and information security, side-channel analysis, embedded systems security, network security protocols, and formal methods. He is a senior member of the IEEE and senior member of the ACM.
CARFS Funded Projects
On-Device Detection via Anomalous Environmental Factors: The purpose of this project is to develop real-time attacker detection capabilities through the use of device-level measurements of environmental factors. We hypothesize that physical indicators from attacker activity can be statistically distinguished from normal operations. The research objective is to determine whether a correlation can be discovered between side-channel indicators due to attacker activities and a single on-chip sensor, such as temperature. Measurements from multiple integrated sensors will be correlated to provide secondary measurement channels not available to the attackers. This will provide a correlation source that cannot be subverted. The project team consists of three investigators, Dr. Todd Andel, Dr. Todd McDonald, and Dr. Ryan Benton, as well as one graduate student worker. The team will develop and test the sensors and target platform as well as integrate correlation algorithms into the sensing platform.