Abstract
Carving is a common technique in digital forensics to recover data from a memory dump of a device. In contrast to existing approaches, we investigate the carving problem for sets of memory dumps. Such a set can, for instance, be obtained by dumping the memory of a number of smart cards or by regularly dumping the memory of a single smart card during its lifetime. The problem that we define and investigate is to determine at which location in the dumps certain attributes are stored. By studying the commonalities and dissimilarities of these dumps, one can significantly reduce the collection of possible locations for such attributes. We develop algorithms that support in this process, implement them in a prototype, and apply this prototype to reverse engineer the data structure of a public transportation card.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 20th USENIX Security Symposium |
| Publisher | USENIX Association |
| Pages | 107-121 |
| Number of pages | 15 |
| ISBN (Electronic) | 9781931971874 |
| Publication status | Published - 2011 |
| Event | 20th USENIX Security Symposium 2011 - San Francisco, United States Duration: 8 Aug 2011 → 12 Aug 2011 |
Conference
| Conference | 20th USENIX Security Symposium 2011 |
|---|---|
| Country/Territory | United States |
| City | San Francisco |
| Period | 8/08/11 → 12/08/11 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality