Forensic RAM dump image analyzer
| Thesis title in Czech: | Forenzní analýza obrazu paměti RAM |
|---|---|
| Thesis title in English: | Forensic RAM dump image analyzer |
| Academic year of topic announcement: | 2007/2008 |
| Thesis type: | diploma thesis |
| Thesis language: | angličtina |
| Department: | Department of Software Engineering (32-KSI) |
| Supervisor: | RNDr. Viliam Holub, Ph.D. |
| Author: | hidden - assigned and confirmed by the Study Dept. |
| Date of registration: | 09.10.2007 |
| Date of assignment: | 09.10.2007 |
| Date and time of defence: | 06.09.2010 09:00 |
| Date of electronic submission: | 06.09.2010 |
| Date of proceeded defence: | 06.09.2010 |
| Opponents: | RNDr. Mgr. Vlastimil Babka, Ph.D. |
| Guidelines |
| While different techniques are used for physical memory dumping, most of them provide a hard-to-analyse image of raw data.
The aim of the work is to develop an automatic analyzer of physical memory dumps retrieving contained information in a user-friendly form. The analyser is supposed to simplify automatic data extraction and should be used by forensic experts. Among expected features are multiple targer architecture/OS support, target architecture/OS guessing, automated password/crypto keys collecting, process listing, and module/driver listing. |
| References |
| [1] Simone Demblon, Sebastian Spitzner: Linux Internals http://learnlinux.tsf.org.za/courses/build/internals/
[2] Daniel P. Bovet, Marco Cesati: Understanding the Linux Kernel, O'Reilly, 2005 [3] Jonathan Corbet, Alessandro Rubini, Greg Kroah-Hartman: Linux Device Drivers, O'Reilly, 2005 [4] Firewire, DMA & Windows, http://storm.net.nz/projects/16 |