
My Work!
- It is very exciting for me to interact and collaborate with college students and I love it!
- I am actively seeking researchers/students for various aspects — Bachelor thesis & Master thesis with research interests in the areas of:
  - Digital Forensics & Incident Response [DFIR]
  - Malware Analysis [Windows and macOS]
- Reach out to me via LinkedIn:
  - If you are interested in doing your thesis / dissertation / major or minor project in the area of DFIR or Malware Analysis. You need to come up with your own idea :)
  - If you would like to present your project at Security Conferences.
  - For a review or feedback on your project.
- Note:
  - I do not provide any Research/Project Ideas; you are encouraged to come up with your own ideas.
  - Decide on and pitch your idea for what you want to do after doing some background work, i.e. Literature Review and/or Googling!
Personal & Collaborative Projects / independent research

01
macOS Lockdown Mode Forensics
This is ongoing research on macOS Lockdown Mode, which was presented at MVS 2025 and NullCon 2025.
02
WSA Forensics
This research was carried out on Windows Subsystem for Android (WSA) and presented at SANS DFIR Summit 2023.


03
Data Exfiltration project
This project was done during my master's with the aim of exfiltrating data from a Windows system by weaponizing a Raspberry Pi Pico.
Completed

01
Drinik Demystified:
A Detailed Examination of Android Malware Patterns, Detection Techniques, and Defensive Measures
Guided a Master's Thesis on Drinik Android Malware Analysis.
Abstract: The ever-changing landscape of Android malware necessitates groundbreaking analysis methods. Drinik, an evolving Android malware targeting Indian taxpayers, necessitates multi-layered defenses to safeguard user data and future Android iterations. This study delves into the effectiveness of VM-WSA, a novel approach that leverages both virtual machines (VMs) and WSA to create a more realistic and controlled environment for in-depth analysis.
The methodology involves analyzing Drinik malware within a virtualized environment (VMware Workstation Pro) using monitoring tools (API Monitor, Process Monitor, TCPView) and Windows Subsystem for Android (WSA) to gather forensic evidence and gain insights into its behavior. Results indicated that VM-WSA analysis of Drinik exposed suspicious permissions and communication patterns, but limitations necessitate further research like reverse engineering for a more complete picture and enhanced user protection.
In conclusion, by leveraging virtual machines, monitoring tools, and Android emulation, this study establishes a robust methodology for analyzing Drinik malware, enhancing forensic investigations, and opening the door to improved detection of future threats.