Memory Forensics over the IEEE 1394 Interface

Author

  • Freddie Witherden
Abstract

The IEEE 1394 “FireWire” interface provides a means for acquiring direct memory access. We discuss how this can be used to perform live memory forensics on a target system. We also present libforensic1394, an open-source software library designed especially for this purpose. Passive and active applications of live memory forensics are analysed. Memory imaging techniques are discussed at length. It is demonstrated how the interface can be used both to dump the memory of a live system and to compromise contemporary operating systems.

Similar resources

StarT - Jr : A Parallel System from

StarT-jr is an experimental parallel system composed of a network of personal computers (PCs). The system leverages the momentum of the microprocessor and PC industries to achieve excellent single node performance at a low cost. For parallel processing, StarT-jr uses the Flexible User-level Network Interface (FUNi) to provide low-overhead, user-level inter-processor communication over two IEEE ...

Live Memory Acquisition through FireWire

Although the FireWire-based memory acquisition method has been introduced for several years, the methodologies are not discussed in detail and still lack practical tools. Besides, the existing method is not working stably when dealing with different versions of Windows. In this paper, we try to compare different memory acquisition methods and discuss their virtues and disadvantages. Then, the me...

Performance analysis of the IEEE 1394 serial bus

IEEE 1394 is a standard for a high performance serial bus interface. It encompasses both isochronous transfer mode, which is suitable for real-time applications, and asynchronous transfer mode, which is appropriate for delay-insensitive applications. This standard can be used as a basis for constructing a small-size local area network. Two queueing models are proposed for a network operating un...

Maestro-Link: A High Performance Interconnect for PC Cluster

Maestro is a distributed shared memory system currently being developed. In this paper, an architecture of the high performance network interface of Maestro is presented. Maestro consists of multiple PCs (Personal Computers) and dedicated network hardware for high performance message passing and maintaining cache coherency. IEEE1394, a high performance serial link, is used in the physical layer o...

SCSI: An Enterprise Foundation

Storage interfaces have been a necessary component of computer systems since computing’s inception. At a basic level, a storage interface functions like any generic interface, defining the boundary between two dissimilar surfaces or systems. In a computer system, a storage interface defines both the boundaries between storage devices—such as hard drives, tape drives, or similar media—and how t...


Publication date: 2010