Hardware­-Based Methods for Memory Acquisition

Analysis and Improvements

Master Thesis (2021)
Author(s)

R. van Leenen (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

M Taouil – Mentor (TU Delft - Computer Engineering)

M.L.J. van Beusekom – Graduation committee member (TU Delft - Computer Engineering)

N. van Heijningen – Graduation committee member (Nederlands Forensisch Instituut (NFI))

S Hamdioui – Graduation committee member (TU Delft - Quantum & Computer Engineering)

René Leuken – Graduation committee member (TU Delft - Signal Processing Systems)

J. Rongen – Coach (Nederlands Forensisch Instituut (NFI))

Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright
© 2021 Ryan van Leenen
More Info
expand_more
Publication Year
2021
Language
English
Copyright
© 2021 Ryan van Leenen
Graduation Date
23-08-2021
Awarding Institution
Delft University of Technology
Programme
['Computer Engineering']
Faculty
Electrical Engineering, Mathematics and Computer Science
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Some
server hosters facilitate cyber crime either intentionally (so called “bulletproof hosters”)
or unintentionally (“bad hosters”). When dealing with uncooperative hosters
during forensic investigations, it may sometimes be necessary to collect data or
information on the servers without help from the owner of the server. Data
within the RAM might prove insightful in, for example, determining active
processes or reveal crypto graphically interesting information like encryption
keys. The thesis explains key concepts within memory organization and the PCIe
standard.Afterwards, it discusses several techniques for RAM acquisition and
categorizes and evaluates them using a model-based approach. The thesis then
dives deeper into DMA-based memory acquisition using PCIe and proposes several
improvements to current DMA attacks in order to create a better memory
acquisition technique. A novel memory acquisition technique is created by
hot-plugging aPCIe device and skipping over the regular enumeration procedure.
This techniqueal lows the memory acquisition to be executed without a reboot and
provides a stealth approach to accessing the memory.  



Files

Thesis_RvLeenen_Final.pdf
(pdf | 2.88 Mb)
- Embargo expired in 23-08-2023
License info not available