ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Memory analysis"

From ForensicsWiki
Jump to: navigation, search
(Add "Lest We Remember: Cold Boot Attacks on Encryption Keys" paper.)
(Encryption Keys)
Line 4: Line 4:
 
* [[Linux Memory Analysis]]
 
* [[Linux Memory Analysis]]
 
* [[FreeBSD Memory Analysis]]
 
* [[FreeBSD Memory Analysis]]
 +
 +
== Encryption Keys ==
 +
 +
Various types of encryption keys can be extracted during memory analysis.
 +
You can use [[AESKeyFinder]] to extract 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] to extract all private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/].
  
 
== See Also ==  
 
== See Also ==  
Line 14: Line 19:
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
 
* [http://citp.princeton.edu/memory/ Lest We Remember: Cold Boot Attacks on Encryption Keys] ([http://citp.princeton.edu.nyud.net/pub/coldboot.pdf PDF])
 
* [http://citp.princeton.edu/memory/ Lest We Remember: Cold Boot Attacks on Encryption Keys] ([http://citp.princeton.edu.nyud.net/pub/coldboot.pdf PDF])
 +
[[http://www.example.com link title]]

Revision as of 14:57, 29 July 2008

Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:

Encryption Keys

Various types of encryption keys can be extracted during memory analysis. You can use AESKeyFinder to extract 128-bit and 256-bit AES keys and RSAKeyFinder to extract all private and public RSA keys from a memory dump [1].

See Also

Weblinks

[link title]