Hardware­-Based Methods for Memory Acquisition

Hardware­-Based Methods for Memory Acquisition: Analysis and Improvements

van Leenen, Ryan (TU Delft Electrical Engineering, Mathematics and Computer Science)

Taouil, M. (mentor)
van Beusekom, M.L.J. (graduation committee)
van Heijningen, N. (graduation committee)
Hamdioui, S. (graduation committee)
van Leuken, T.G.R.M. (graduation committee)
Rongen, J. (graduation committee)

Delft University of Technology

Delft University of Technology

Computer Engineering

2021-08-23

Some server hosters facilitate cyber crime either intentionally (so called “bulletproof hosters”) or unintentionally (“bad hosters”). When dealing with uncooperative hosters during forensic investigations, it may sometimes be necessary to collect data or information on the servers without help from the owner of the server. Data within the RAM might prove insightful in, for example, determining active processes or reveal crypto graphically interesting information like encryption keys. The thesis explains key concepts within memory organization and the PCIe standard.Afterwards, it discusses several techniques for RAM acquisition and categorizes and evaluates them using a model-based approach. The thesis then dives deeper into DMA-based memory acquisition using PCIe and proposes several improvements to current DMA attacks in order to create a better memory acquisition technique. A novel memory acquisition technique is created by hot-plugging aPCIe device and skipping over the regular enumeration procedure. This techniqueal lows the memory acquisition to be executed without a reboot and provides a stealth approach to accessing the memory.  

PCIe
DMA
Memory Acquisition
RAM

http://resolver.tudelft.nl/uuid:8bf17f95-41c2-43a3-b63c-bbb60b322e5a

2023-08-23

Student theses

master thesis

© 2021 Ryan van Leenen