Skip to main content

Search

Request Info Apply Now

Undergraduate Certificates
Begin or advance your cybersecurity career at any age with our hands-on certificate programs.
Bachelors Degree
Transfer your credits to SANS.edu and become one of the most job-ready candidates in cybersecurity.
Graduate Certificates
Gain job-specific skills in highly technical certificate programs designed for working professionals.
Master’s Degree
Take your InfoSec career to the highest levels—developing both hands-on technical skills and the ability to lead.
Single Courses
Start with a course, advance to a cybersecurity certificate or degree
All Academic Programs
Explore hands-on undergraduate and graduate programs for every stage of your cybersecurity career.

Featured Program

Hands typing on a laptop

Applied Cybersecurity Certificate (ACS)

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Why SANS.edu?
How To Apply
Tuition & Funding

Join us for a free online info session to learn more.

Resources for Veterans

Learn how to get the most from your Veterans Education Benefits.

Women in Cybersecurity

Empowering women to thrive in cybersecurity.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Research Overview
Learn how SANS.edu research is strengthening the field of cybersecurity.
Cybersecurity Research Papers
Explore real-world solutions to pressing issues across AI, cloud security, digital forensics and more.
Internet Storm Center
Discover the world's largest global cyber threat detection network.

Featured Research

Research Review Journal Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Download the Journal

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

About Us
Students
Alumni
- Alumni Resources Alumni Resources
- Alumni Outcomes Report Alumni Outcomes Report

Launch Your Cyber Career

Let SANS.edu guide you on a proven path to success.

Sentinels Referral Program

Get recognized for your impact on the SANS.edu community.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Search

Request Info Apply Now

Cyber Research Papers
/Forensic Investigation of Bluetooth-Based Credit Card Skimmers

Cyber Research Papers

Forensic Investigation of Bluetooth-Based Credit Card Skimmers

Hidden Bluetooth Low Energy (BLE) credit skimmers are a growing threat to credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels. Criminals are utilizing modern technology to complicate traditional forensic processes by reducing the device's footprint, encrypting onboard storage, and creating potentially unpredictable behavior. New forensic processes must be generated to account for the increasing changes in technology. Customized Python-based scripts can be generated to assist with capturing live Bluetooth Low-Energy (BLE) data based on known patterns within historical devices and interfaces.

sans-Forensic-Investigation_john_passaro (PDF, 0.35MB)

3 Sep 2025

ByJohn Passaro

Share

All papers are copyrighted

No re-posting of papers is permitted

Related Content

Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead

This study evaluates micro-segmentation as a practical Zero Trust control in a Windows Active Directory lab that models common legacy dependencies (directory services, file services, a web tier, and a database tier).

24 Mar 2026

Assessing the Impact of Memory Acquisition on Key Windows Artifacts

This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders.

20 Mar 2026

From Ambiguity to Action: A Forensic Framework for Differentiating ClickFix Payloads

The "ClickFix" social engineering technique, which leverages fake CAPTCHA or browser update lures to trick users into executing a malicious PowerShell script, presents a critical challenge for incident responders.

24 Feb 2026

Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges

Many digital forensics and incident response (DFIR) practitioners, as well as aspiring cybersecurity analysts, often gravitate towards AWS and Azure as their first forays into cloud security.

16 Jan 2026

Inside the Five Most Dangerous New Attack Techniques

This e-book represents the next evolution of that effort. Here, we take the five key topics presented from the keynote stage and expand them into four full-length chapters.

8 Dec 2025
Heather Barnhart, Rob T. Lee, Joshua Wright, Tim Conway

Measuring Malware Obfuscation: Evaluating CNN- Based Detection for Real-World Resilience

This study examined how layered obfuscation affects image-based convolutional neural network (CNN) detectors and introduces a novel, reproducible framework for measuring obfuscation itself.

19 Nov 2025

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

7 Nov 2025

Scrutinizing A Web-Based LLM in Private Browsing Mode: An Analysis of Memory Artifacts and Privacy Implications

Using web-based LLMs such as ChatGPT has changed the web browsing landscape to become part of the typical everyday experience.

7 Nov 2025

Adversary-Aware IOC Retention: Analyzing Time-to-Live Patterns by Threat Actor Attribution

After analyzing hundreds of IOCs across three unique Advanced Persistent Threats (APTs) from disparate regions, it can be confirmed that not only do threat actors cycle their IOCs at different rates, but those rates can be tracked. This paper introduces an enhanced decay model incorporating a threat actor variable that accounts for these differences in sophistication and hygiene.

23 Oct 2025

Breaking Time: Methods, Artifacts, and Forensic Detection of Timestomping on FAT32, Ext3, and Ext4 File Systems

This paper explores the diverse methods used to timestomp files on FAT, Ext3, and Ext4 file systems, focusing on how adversaries adapt their approaches based on available system access and permissions.

23 Oct 2025

Breaking Through Deception: Addressing Barriers in the Adoption of Cyber Deception Technologies

Despite the increasing sophistication of cyber threats and the need for organizations to employ innovative defense strategies, cyber deception technologies, tools designed to mislead attackers and gain a defensive advantage, remain significantly underutilized across organizational cybersecurity programs.

23 Oct 2025

Privacy Protections: Are Stronger Laws Changing What We Reveal?

As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.

26 Sep 2025

Catching the Hand in the Cookie Jar: Canary Session Cookies

This project demonstrates how even applications secured with MFA are still vulnerable to hijacked session cookies. Given the persistent threats posed to organizations by stolen authentication cookies, this research proposes implementing Canary session cookies to detect the theft and malicious use of credentials.

17 Apr 2025

A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments

Log fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but...

17 Apr 2025

Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection

This study investigates the dependency on network and endpoint telemetry for identifying lateral...

17 Jan 2025

Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success

Identification of phishing emails can be cumbersome, accomplished by rule-based filters, machine...

7 Jan 2025

Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords

As digital threats grow increasingly sophisticated, traditional password-based authentication...

23 Dec 2024
Rich Greene

Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It

Electronic Benefits Transfer (EBT) cards provide individuals receiving government assistance for...

23 Dec 2024

Hunting the Hound of Hades: Kerberos Delegation Attacks, Detections and Defenses

When misconfigured, Kerberos delegation in an Active Directory environment can lead to complete...

23 Dec 2024

The Open-Source Trap: Unraveling Open-Source Threats in the Software Supply Chain

The risk to the software supply chain is increasingly clear, as breaches like SolarWinds, Equifax,...

5 Dec 2024

Cybersecurity is all we teach, and nobody does it better.

Research
Resources
Learn More

Privacy Policy
Terms and Conditions
Admissions
Do Not Sell/Share My Personal Information
Cookie Notice

© 2026 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute.

Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.

SANS Institute
Internet Storm Center