Incident Virtualization Toolkit (IVT)
When computing or network resources are compromised, system information, data, and hardware state must be preserved for subsequent forensic analysis. For severe compromises, operators may attempt to contain the event by pulling the network cable or physically powering off the machine. Some image the hard drives and attempt to dump a portion of system memory, then restore the system from validated backups, usually hard drive images or a reinstallation from trusted vendor media. This process has a significant disadvantage: most memory and device state is lost. In some cases a memory dump can be obtained, but it is frequently incomplete. The net result is that the opportunity to analyze the attacker's tactics and techniques is lost. Today's forensic capabilities generally allow only static examination of incident data. The next generation of capability will allow the actual event to continue in a highly instrumented virtual forensic environment, i.e. dynamic analysis of the exploit and of the system it compromised.
 
Project Leads
Newton Brown, PNNL
Wayne Meitzler, PNNL



SELS 0.7 released
Secure Email List Services (SELS) is open source software for building and operating secure email list services within user communities.
 
Strong community engagement strengthens cybersecurity research and development
NCASSR-supported exploratory research at NCSA and elsewhere has sparked additional external funding and development opportunities as well as successful deployment and adoption by users ranging from the defense sector to state law enforcement to the utilities industry.
 
NCASSR Collaborator Goes To Washington
Carl Gunter, a professor in the University of Illinois Department of Computer Science and a project lead on NCASSR-supported work involving adaptive, secure messaging, recently spoke to an audience of congressional staffers and lobbyists on Capitol Hill regarding ways to address a variety of critical cybersecurity issues in areas such as healthcare and energy distribution.