Difference between revisions of "Memory analysis"

From ForensicsWiki
(Add "Lest We Remember: Cold Boot Attacks on Encryption Keys" paper.)
(Encryption Keys)
Line 4: Line 4:
 
* [[Linux Memory Analysis]]
 
* [[Linux Memory Analysis]]
 
* [[FreeBSD Memory Analysis]]
 
* [[FreeBSD Memory Analysis]]
 +
 +
== Encryption Keys ==
 +
 +
Various types of encryption keys can be extracted during memory analysis.
 +
You can use [[AESKeyFinder]] to extract 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] to extract all private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/].
  
 
== See Also ==  
 
== See Also ==  
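Review bot: The added sentence under "== Encryption Keys ==" says RSAKeyFinder extracts "all private and public RSA keys", which promises more than the text supports for an arbitrary dump; "private and public RSA keys found in a memory dump" would be safer wording. The external link at the end of that sentence, [http://citp.princeton.edu/memory/code/], has no link text and renders as a bare numbered reference, so give it a label or move it into the links list that already carries the Cold Boot paper entry. The opening line also promises "various types" of keys while the section names only AES and RSA.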
Line 14: Line 19:
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Paul Movall, Ward Nelson, Shaun Wetzstein: Linux Physical Memory Analysis] (PDF)
 
* [http://citp.princeton.edu/memory/ Lest We Remember: Cold Boot Attacks on Encryption Keys] ([http://citp.princeton.edu.nyud.net/pub/coldboot.pdf PDF])
 
* [http://citp.princeton.edu/memory/ Lest We Remember: Cold Boot Attacks on Encryption Keys] ([http://citp.princeton.edu.nyud.net/pub/coldboot.pdf PDF])
 +
[[http://www.example.com link title]]
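Review bot: The only added line in this hunk, "[[http://www.example.com link title]]", is placeholder text pointing at example.com rather than a reference, and it is unrelated to the "Encryption Keys" change named in the edit summary. It also wraps an external URL in double brackets, so it shows up as a stray "[link title]" at the end of the rendered page. Drop the line from this revision.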

Revision as of 10:57, 29 July 2008

Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:

Encryption Keys

Various types of encryption keys can be extracted during memory analysis. You can use AESKeyFinder to extract 128-bit and 256-bit AES keys and RSAKeyFinder to extract all private and public RSA keys from a memory dump (http://citp.princeton.edu/memory/code/).

See Also

Weblinks
