Evaluating Atomicity, and Integrity of Correct Memory Acquisition Methods

1 Evaluating Atomicity, and Integrity of Correct Memory Acquisition Methods Michael Gruhn, Felix Freiling Department Computer Science IT Security Infrastructures Friedrich-Alexander-University Erlangen-Nürnberg Erlangen, Germany EU

2 Outline
- Introduction
- Motivation
- Atomicity, Integrity and Correctness per [Vömel and Freiling 2012]
- Atomicity Violation
- Integrity Violation
- Estimating Atomicity and Integrity
- Payload Application
- Atomicity and Integrity Deltas
- Results
- Take-Home and Future Research
Michael Gruhn FAU i1 ramatom 2/28

3 Motivation
Memory analysis becomes more and more important:
- Memory-resident malware
- Disk-less clients
- Persistent disk encryption
To do proper analysis, memory must be acquired in a forensically sound manner:
- Correctness: the captured value at address X must represent the value in memory at address X
- Atomicity
- Integrity

4 Atomicity Violation per [Vömel and Freiling 2012]
Figure: Space-time diagram of imaging procedure creating non-atomic snapshot (memory regions r1 to r4)

5 Integrity Violation per [Vömel and Freiling 2012]
Figure: Integrity of a snapshot with respect to a specific point in time t (memory regions r1 to r4)

7 Estimating Atomicity and Integrity via Payload Application
Application constantly increments counters placed in memory regions
Start: Memory Region / Counter

20 Estimating Atomicity and Integrity via Payload Application
Application constantly increments counters placed in memory regions
Running: Memory Region / Counter
- A perfectly atomic capture has only two consecutive counter values
- Perfect integrity when the counter values are those from when the capture was started
- Details in the paper
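The counter idea from the slide above, as an added simulation that is not taken from the slides or the authors' source code. The payload's write order, the `writes_per_read` parameter and both delta formulas are assumptions made for illustration; the paper's exact definitions are not reproduced on this page.

```python
from dataclasses import dataclass


class Payload:
    """Constructed model of the counter payload (assumption, not the authors' code).

    One counter slot per memory region. Each step writes the current counter
    into the next region; after the last region the counter is incremented
    and the sweep starts again. A frozen system therefore holds at most two
    consecutive counter values.
    """

    def __init__(self, n_regions):
        self.regions = [0] * n_regions
        self.counter = 1
        self.next_region = 0

    def step(self, n=1):
        for _ in range(n):
            self.regions[self.next_region] = self.counter
            self.next_region += 1
            if self.next_region == len(self.regions):
                self.next_region = 0
                self.counter += 1


@dataclass
class Deltas:
    atomicity: int    # max - min counter value found in the image
    integrity: float  # mean counter drift per region since capture start


def acquire(payload, writes_per_read):
    """Copy the regions in address order while the payload keeps running.

    writes_per_read (hypothetical knob) is the number of payload writes that
    happen while the imager copies one region; 0 models a frozen system.
    Returns (image, memory_at_capture_start).
    """
    at_start = list(payload.regions)
    image = []
    for addr in range(len(payload.regions)):
        image.append(payload.regions[addr])
        payload.step(writes_per_read)
    return image, at_start


def measure(image, at_start):
    """Atomicity: spread of counters in the image (<= 1 is a consistent cut).
    Integrity: how far the image drifted from memory at capture start."""
    atomicity = max(image) - min(image)
    integrity = sum(i - s for i, s in zip(image, at_start)) / len(image)
    return Deltas(atomicity, integrity)


def run(n_regions, warmup, writes_per_read):
    """Let the payload run for `warmup` writes, then image it and measure."""
    payload = Payload(n_regions)
    payload.step(warmup)
    return measure(*acquire(payload, writes_per_read))


if __name__ == "__main__":
    # Constructed scenarios: frozen system, slow payload, fast payload.
    for rate in (0, 1, 3):
        print(f"writes_per_read={rate}: {run(8, 20, rate)}")
```

With one payload write per read the image is still a consistent cut (spread 0) but no longer matches memory at capture start, which is the difference between the two properties.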

21 Estimating Atomicity and Integrity via Deltas
Figure: Atomicity and integrity in a maximum load scenario (memory regions r1 to r4 over time t; the atomicity and integrity deltas are marked)

22 Atomicity and Integrity Upper Bounds
Columns: (Worst Case) Atomicity Delta, (Worst Case) Integrity Delta
Methods listed: msramdump, memimager, VirtualBox, QEMU, ProcDump (-r), ProcDump, Windows Task Manager, pmdump, WinPMEM, FTK Imager, win64dd, win64dd (/m 1), DumpIt, inception

23 Figure: Acquisition plot of pmdump

24 Figure: Memory acquisition technique comparison (acquisition plot)

25 Figure: Memory acquisition technique comparison (acquisition density plot)

26 Figure: Each acquisition position inside an atomicity/integrity-matrix (axes: Atomicity Delta, Integrity Delta; plotted methods: inception, DumpIt, win64dd, FTK Imager, VirtualBox, WinPMEM, ProcDump, Cold-Boot Attacks, pmdump)

29 Take-Home and Future Research
- DMA exhibited the greatest memory smear
- Is inception/python the issue?
- Will PCI DMA perform better?
- Does DMA increase concurrency?
- How do state-of-the-art research methods (Body-Snatcher) perform?
- What is the impact of non-atomic memory captures on analysis?
- 2-Take Approach solution?
Source Code available at
Slides and Paper available at
Warning about "Source Code": It's what they call "research" code: for(i=0; /*FIXME... we assume success */; i++)

30 Questions?


More information

) Intel)(TX)memory):) Transac'onal) Synchroniza'on) Extensions)(TSX))) Transac'ons)

) Intel)(TX)memory):) Transac'onal) Synchroniza'on) Extensions)(TSX))) Transac'ons) ) Intel)(TX)memory):) Transac'onal) Synchroniza'on) Extensions)(TSX))) Transac'ons) Transactions - Definition A transaction is a sequence of data operations with the following properties: * A Atomic All

More information

Fast Sample Generation with Variational Bayesian for Limited Data Hyperspectral Image Classification

Fast Sample Generation with Variational Bayesian for Limited Data Hyperspectral Image Classification Fast Sample Generation with Variational Bayesian for Limited Data Hyperspectral Image Classification July 26, 2018 AmirAbbas Davari, Hasan Can Özkan, Andreas Maier, Christian Riess Pattern Recognition

More information

Main-Memory Databases 1 / 25

Main-Memory Databases 1 / 25 1 / 25 Motivation Hardware trends Huge main memory capacity with complex access characteristics (Caches, NUMA) Many-core CPUs SIMD support in CPUs New CPU features (HTM) Also: Graphic cards, FPGAs, low

More information

Development of a Web 2.0 Firewall

Development of a Web 2.0 Firewall Development of a Web 2.0 Firewall Parallel Application Recognition in Overlay Networks Author: Alexander von Gernler, genua mbh Abstract: Nowadays it is hardly possible to envisage modern web sites without

More information

VIBbox 64-Channel Sound & Vibration Solution

VIBbox 64-Channel Sound & Vibration Solution VIBbox 64-Channel Sound & Vibration Solution VIBbox is a high-accuracy, high channel count, dynamic signal analyzer system for sound and vibration applications. VIBbox packages four DT9857E modules in

More information

Runtime Adaptation of Application Execution under Thermal and Power Constraints in Massively Parallel Processor Arrays

Runtime Adaptation of Application Execution under Thermal and Power Constraints in Massively Parallel Processor Arrays Runtime Adaptation of Application Execution under Thermal and Power Constraints in Massively Parallel Processor Arrays Éricles Sousa 1, Frank Hannig 1, Jürgen Teich 1, Qingqing Chen 2, and Ulf Schlichtmann

More information

(Advanced) Computer Organization & Architechture. Prof. Dr. Hasan Hüseyin BALIK (3 rd Week)

(Advanced) Computer Organization & Architechture. Prof. Dr. Hasan Hüseyin BALIK (3 rd Week) + (Advanced) Computer Organization & Architechture Prof. Dr. Hasan Hüseyin BALIK (3 rd Week) + Outline 2. The computer system 2.1 A Top-Level View of Computer Function and Interconnection 2.2 Cache Memory

More information

Operating Systems. Lecture 09: Input/Output Management. Elvis C. Foster

Operating Systems. Lecture 09: Input/Output Management. Elvis C. Foster Operating Systems 141 Lecture 09: Input/Output Management Despite all the considerations that have discussed so far, the work of an operating system can be summarized in two main activities input/output

More information

Dalí: A Periodically Persistent Hash Map

Dalí: A Periodically Persistent Hash Map Dalí: A Periodically Persistent Hash Map Faisal Nawab* 1, Joseph Izraelevitz* 2, Terence Kelly*, Charles B. Morrey III*, Dhruva R. Chakrabarti*, and Michael L. Scott 2 1 Department of Computer Science

More information

Recursion: The Beginning

Recursion: The Beginning Yufei Tao ITEE University of Queensland This lecture is the inception of a powerful technique called recursion. If used judiciously, this technique can simplify the design of an algorithm significantly,

More information

CSL373: Lecture 5 Deadlocks (no process runnable) + Scheduling (> 1 process runnable)

CSL373: Lecture 5 Deadlocks (no process runnable) + Scheduling (> 1 process runnable) CSL373: Lecture 5 Deadlocks (no process runnable) + Scheduling (> 1 process runnable) Past & Present Have looked at two constraints: Mutual exclusion constraint between two events is a requirement that

More information

AccessData. Triage. Quick Start Guide

AccessData. Triage. Quick Start Guide AccessData Triage Quick Start Guide 3 AccessData Legal and Contact Information Document date: October 16, 2013 Legal Information 2013 AccessData Group, Inc All rights reserved. No part of this publication

More information

Practical Keystroke Timing Attacks in Sandboxed JavaScript

Practical Keystroke Timing Attacks in Sandboxed JavaScript Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology Motivation Keystroke timing

More information

Android. Android. Android OS Cache-Crypt. Page Cache Encryption for Protecting Android Devices against Theft

Android. Android. Android OS Cache-Crypt. Page Cache Encryption for Protecting Android Devices against Theft Vol.53 No.10 1 7 (Oct. 2012) Android 1 1 2011 11 4, 2011 12 1 Android Android OS Android Cache-Crypt Cache-Crypt OS Cache-Crypt Android OS Cache-Crypt Android Page Cache Encryption for Protecting Android

More information

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts Toshiyuki Maeda and Akinori Yonezawa University of Tokyo Quiz [Environment] CPU: Intel Xeon X5570 (2.93GHz)

More information

Switching Using Parallel Input Output Queued Switches With No Speedup

Switching Using Parallel Input Output Queued Switches With No Speedup IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 10, NO. 5, OCTOBER 2002 653 Switching Using Parallel Input Output Queued Switches With No Speedup Saad Mneimneh, Vishal Sharma, Senior Member, IEEE, and Kai-Yeung

More information

Advanced Memory Management

Advanced Memory Management Advanced Memory Management Main Points Applications of memory management What can we do with ability to trap on memory references to individual pages? File systems and persistent storage Goals Abstractions

More information

Windows Memory Analysis. Jesse Kornblum

Windows Memory Analysis. Jesse Kornblum C Y B E R S E C T O R Windows Memory Analysis Jesse Kornblum Why Memory Analysis Windows without Windows Gathering Information Parsing the Processes The Rootkit Paradox Address Translation Recovering Executables

More information

NEW YORK PUBLIC LIBRARY

NEW YORK PUBLIC LIBRARY NEW YORK PUBLIC LIBRARY S U S A N M A L S B U R Y A N D N I C K K R A B B E N H O E F T O V E R V I E W The New York Public Library includes three research libraries that collect archival material: the

More information

Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability. Michael J. Silbersack. November 26th, 2005

Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability. Michael J. Silbersack. November 26th, 2005 Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability Michael J. Silbersack November 26th, 2005 http://www.silby.com/eurobsdcon05/ What does that title mean? TCP was not

More information

Ricardo Rocha. Department of Computer Science Faculty of Sciences University of Porto

Ricardo Rocha. Department of Computer Science Faculty of Sciences University of Porto Ricardo Rocha Department of Computer Science Faculty of Sciences University of Porto Slides based on the book Operating System Concepts, 9th Edition, Abraham Silberschatz, Peter B. Galvin and Greg Gagne,

More information

COP 4531 Complexity & Analysis of Data Structures & Algorithms

COP 4531 Complexity & Analysis of Data Structures & Algorithms COP 4531 Complexity & Analysis of Data Structures & Algorithms Amortized Analysis Thanks to the text authors who contributed to these slides What is amortized analysis? Analyze a sequence of operations

More information

Software Engineering at VMware Dan Scales May 2008

Software Engineering at VMware Dan Scales May 2008 Software Engineering at VMware Dan Scales May 2008 Eng_BC_Mod 1.Product Overview v091806 The Challenge Suppose that you have a very popular software platform: that includes hardware-level and OS code that

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

CSE 530A ACID. Washington University Fall 2013

CSE 530A ACID. Washington University Fall 2013 CSE 530A ACID Washington University Fall 2013 Concurrency Enterprise-scale DBMSs are designed to host multiple databases and handle multiple concurrent connections Transactions are designed to enable Data

More information