Name
Abstract | ||
|---|---|---|
Being able to inspect and analyze the operational state of commodity machines is crucial for modern digital forensics. Indeed, volatile system state including memory data and CPU registers contain information that cannot be directly inferred or reconstructed by acquiring the contents of the nonvolatile storage. Unfortunately, it still remains an open problem how to reliably and consistently retrieve the volatile machine state without disrupting its operation. In this paper, we propose to leverage commercial PCI network cards and the current x86 implementation of System Management Mode to reliably replicate the physical memory and critical CPU registers from commodity hardware. Furthermore, we demonstrate how remote state replication can be used for semantic reconstruction, where the analysis of memory structures enables us to interactively perform forensic analysis of the machine's memory content. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.1109/SADFE.2011.7 | SADFE |
Keywords | Field | DocType |
smm-mode,memory acquisition,cpu register,memory structure,memory structure analysis,x86 implementation,firmware-assisted memory,commodity hardware,operational state,machine memory content,volatile machine state,pci network cards,volatile system state,physical memory,cpu registers,remote state replication,firmware,analysis tools,computer forensics,firmware-assisted memory acquisition,digital forensics,memory data,commodity machine operational state,peripheral interfaces,instruction sets,analysis tool,memory content,live forensics,pci.,system management mode,semantic reconstruction,reliability,hardware,security,servers,system management,registers,pci | Computer forensics,Digital forensics,Computer science,Memory management,Memory map,Processor register,Computer hardware,Flat memory model,Embedded system,Firmware,System Management Mode | Conference |
ISBN | Citations | PageRank |
978-1-4673-1242-4 | 18 | 0.95 |
References | Authors | |
12 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jiang Wang | 1 | 113 | 6.95 |
| Fengwei Zhang | 2 | 157 | 19.63 |
| Kun Sun | 3 | 142 | 12.80 |
| Angelos Stavrou | 4 | 1288 | 98.69 |