Tools:Memory Imaging

From ForensicsWiki
Revision as of 15:20, 30 April 2006 by Simsong (Talk | contribs) (Created from Tools page)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

At CanSec West 05, Michael Becher, Maximillian Dornseif, and Christian N. Klein discussed an exploit which uses DMA to read arbitrary memory locations of a firewire-enabled system. The paper lists more details. The exploit is run on an iPod running Linux. This can be used to grab screen contents.

In theory, this could be used with the ... to send through an exploit code that would cause the system to dump the contents of its hard drive back to the iPod.