Forensic RAM dump image analyzer
| Field | Value |
|---|---|
| Thesis title in Czech | Forenzní analýza obrazu paměti RAM |
| Thesis title in English | Forensic RAM dump image analyzer |
| Academic year of topic announcement | 2007/2008 |
| Thesis type | diploma thesis |
| Thesis language | English |
| Department | Department of Software Engineering (32-KSI) |
| Supervisor | RNDr. Viliam Holub, Ph.D. |
| Author | hidden - assigned and confirmed by the Study Dept. |
| Date of registration | 09.10.2007 |
| Date of assignment | 09.10.2007 |
| Date and time of defence | 06.09.2010 09:00 |
| Date of electronic submission | 06.09.2010 |
| Date of proceeded defence | 06.09.2010 |
| Opponents | RNDr. Mgr. Vlastimil Babka, Ph.D. |
Guidelines
While different techniques are used for physical memory dumping, most of them provide a hard-to-analyse image of raw data.
The aim of the work is to develop an automatic analyzer of physical memory dumps that retrieves the information they contain in a user-friendly form. The analyzer is intended to simplify automatic data extraction and to be used by forensic experts. Expected features include support for multiple target architectures/OSs, target architecture/OS guessing, automated collection of passwords and cryptographic keys, process listing, and module/driver listing.
References
[1] Simone Demblon, Sebastian Spitzner: Linux Internals, http://learnlinux.tsf.org.za/courses/build/internals/
[2] Daniel P. Bovet, Marco Cesati: Understanding the Linux Kernel, O'Reilly, 2005
[3] Jonathan Corbet, Alessandro Rubini, Greg Kroah-Hartman: Linux Device Drivers, O'Reilly, 2005
[4] Firewire, DMA & Windows, http://storm.net.nz/projects/16